Medibank admits ransomware attack is far worse than previously thought
Zach Marzouk
A close up of a digital display showing the Medibank logo partially obscured by red and blue balloons
The company now believes around 9.7 million past and present customers have been affected by the attack, and has said it is refusing to pay the ransom
Medibank has revealed that 9.7 million current and former customers have been affected by a cyber attack on the company's systems in October, with those affected being substantially higher than previously thought.
The company, one of Australia’s largest health insurance providers, disclosed on 19 October that it had been hit by a cyber attack and was negotiating with the attackers. A week later, Medibank said the attacker had access to all of its 3.9 million customer data and hinted that the number of affected customers in the attack could grow substantially.
Following an investigation, the company has now revealed the attacker gained access to the data of 9.7 million current and former customers. It said that it’s required by law to retain certain customer information, including former customers, for particular periods of time, generally for seven years from when a customer leaves the company, but sometimes longer.
The 9.7 million figure represents around 5.1 million Medibank customers, 2.8 million customers belonging to Medibank subsidiary Ahm, and around 1.8 million international customers. The attacker also accessed Medicare numbers for Ahm customers, and passport numbers and visa details for international student customers.
Health claims data for around 160,000 Medibank customers were also accessed, as well as those belonging to 300,000 Ahm customers, and 20,000 international customers. This included service provider name and location, the location where customers received medical services, and codes associated with diagnosis and procedures administered.
The company also has decided that it will not make a ransom payment to the attacker responsible for the data theft. It said this decision is consistent with the position of the Australian government.
“Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published,” said Medibank CEO David Koczkar.
“In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target.”
The company added that it believes that all of the customer data accessed could have been taken by the hackers. It advised customers to remain vigilant as the attackers could publish the data online or attempt to contact customers directly.
SEE MORE Australia to increase maximum data breach penalty to $50 million
SEE MORE Medibank begins negotiations with hackers who claim to have stolen data in last week’s cyber attack
SEE MORE Medibank reveals damning extent of hack that could cost $35 million
Medibank added that its business operations weren’t affected during the cyber attack and that it hasn’t detected any more suspicious activity inside its systems since 12 October 2022. It has also boosted its existing monitoring capabilities, added further detection and forensics capabilities, and scaled up analytical support through third parties.
This comes as the Australian government is looking to introduce tougher penalties for serious privacy breaches after the country has been exposed to a number of cyber attacks recently.
In October 2022, the attorney general said the maximum penalty will rise from $2.22 million (£1.2 million). Companies will be fined a new maximum of whatever is greater of three potential numbers: 30% of a company's adjusted turnover in the relevant period, three times the value of any benefit obtained through the misuse of information, or $50 million (£27 million).
Zach Marzouk
A close up of a digital display showing the Medibank logo partially obscured by red and blue balloons
The company now believes around 9.7 million past and present customers have been affected by the attack, and has said it is refusing to pay the ransom
Medibank has revealed that 9.7 million current and former customers have been affected by a cyber attack on the company's systems in October, with those affected being substantially higher than previously thought.
The company, one of Australia’s largest health insurance providers, disclosed on 19 October that it had been hit by a cyber attack and was negotiating with the attackers. A week later, Medibank said the attacker had access to all of its 3.9 million customer data and hinted that the number of affected customers in the attack could grow substantially.
Following an investigation, the company has now revealed the attacker gained access to the data of 9.7 million current and former customers. It said that it’s required by law to retain certain customer information, including former customers, for particular periods of time, generally for seven years from when a customer leaves the company, but sometimes longer.
The 9.7 million figure represents around 5.1 million Medibank customers, 2.8 million customers belonging to Medibank subsidiary Ahm, and around 1.8 million international customers. The attacker also accessed Medicare numbers for Ahm customers, and passport numbers and visa details for international student customers.
Health claims data for around 160,000 Medibank customers were also accessed, as well as those belonging to 300,000 Ahm customers, and 20,000 international customers. This included service provider name and location, the location where customers received medical services, and codes associated with diagnosis and procedures administered.
The company also has decided that it will not make a ransom payment to the attacker responsible for the data theft. It said this decision is consistent with the position of the Australian government.
“Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published,” said Medibank CEO David Koczkar.
“In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target.”
The company added that it believes that all of the customer data accessed could have been taken by the hackers. It advised customers to remain vigilant as the attackers could publish the data online or attempt to contact customers directly.
SEE MORE Australia to increase maximum data breach penalty to $50 million
SEE MORE Medibank begins negotiations with hackers who claim to have stolen data in last week’s cyber attack
SEE MORE Medibank reveals damning extent of hack that could cost $35 million
Medibank added that its business operations weren’t affected during the cyber attack and that it hasn’t detected any more suspicious activity inside its systems since 12 October 2022. It has also boosted its existing monitoring capabilities, added further detection and forensics capabilities, and scaled up analytical support through third parties.
This comes as the Australian government is looking to introduce tougher penalties for serious privacy breaches after the country has been exposed to a number of cyber attacks recently.
In October 2022, the attorney general said the maximum penalty will rise from $2.22 million (£1.2 million). Companies will be fined a new maximum of whatever is greater of three potential numbers: 30% of a company's adjusted turnover in the relevant period, three times the value of any benefit obtained through the misuse of information, or $50 million (£27 million).
Similar Readings (5 items)
Insurers' Japan units say 2 mil. customers' data breached
Tokio Marine reveals major potential customer data leak
Summary: Phone numbers of Australian PM, other key politicians reportedly leaked online
Conversation: Hacker group claims responsibility for attack on Japanese beverage giant Asahi
Summary: Japanese beverage giant Asahi confirms ransomware attack
Summary
Medibank, an Australian health insurance provider, confirms a cyber attack affected 9.7 million customers, including current, former, and international ones. Data compromised includes personal information, Medicare numbers for Ahm customers, and health claims data. The company refuses to pay the
Reading History
| Date | Name | Words | Time | WPM |
|---|---|---|---|---|
| 2022/11/08 13:51 | Anonymous | 611 | - | - |