Medibank confirms customer data stolen in hack

Medibank, an Australian health insurance company, has confirmed that they have been hit with a cyberattack. The attackers claim to have stolen over 200GB of data from the company. Medibank has not specified if all or some of its 4 million customers are at risk, but confirms that personally identifiable information of its patients have been stolen.

In a public statement, Medibank elaborates that data consisting of “location of where a customer received medical services and codes relating to their diagnosis and procedures,” was part of the data breach.

Not confirmed by Medibank, the hackers responsible also claim to have stolen credit card information, according to Tech Monitor.

The attack reportedly occurred last Thursday, October 20th, and is under investigation by the Australian Federal Police.

Victims of the cyberattack are urged to “remain vigilant, seek advice from independent trusted sources, including the Australian Cyber Security Centre.”

Medibank announced that they will be “isolating and removing access to some customer-facing systems to reduce the likelihood of damage to systems or data loss.”

Chief Executive Officer David Koczkar apologized to Medibank customers for the cyber incident.

“Our highest priority is resolving this matter as transparently and quickly as possible. We will continue to take decisive action to protect Medibank Group customers and our people.”

Koczkar continued, “We recognise the significant responsibility we have to the people who rely on us to look after their health and wellbeing and whose data we hold.”

The healthcare industry remains under constant threat of cyberattacks and ransomware across the globe. Hospitals and healthcare contain highly-sensitive personally identifiable information, with complex and outdated information technology systems (vulnerable to attack).

This is also the second significant cyber incident in Australia in the past couple of months, when a cyberattack hit Optus. Over 2.8 million customers were affected by the breach, with personally identifiable information leaked.


Discover more from Cybersecurity Careers Blog

Subscribe to get the latest posts sent to your email.