Australia’s largest health insurer says it has not yet determined the extent of the breach, with the AFP now also becoming involved.
Medibank has revealed the scale of its customer data breach may be much larger than first anticipated, warning it is still ‘too soon’ to determine how much information has been stolen.
It was originally thought that the breach had been restricted to international students and customers of subsidiary ahm, but the private health insurer acknowledged on Tuesday (25 October) that it has ‘become clear’ that the stolen information also includes Medibank customers.
‘This is a distressing development and Medibank unreservedly apologises to our customers,’ the company said in a press release.
‘As we continue to investigate the scale of this cybercrime, we expect the number of affected customers to grow as this unfolds.’
The same press release also confirmed that the incident is ‘subject to a criminal investigation by the Australian Federal Police [AFP]’.
The implications of the breach became clearer after the alleged hacker (or hackers) sent a series of files to the insurer, including more than 1100 ahm policy records containing personal and health claim data, as well as files containing ‘some’ customer data from Medibank’s more than 3.9 million policy holders.
A company spokesperson was unable to confirm the number of provider details that have been compromised as part of the breach but said Medibank has been contacting affected customers directly to provide support and guidance.
The person or people behind the breach reportedly claim to have stolen 200 gigabytes worth of personal data, including names, addresses, dates of birth, Medicare numbers, phone numbers, and medical claims data.
The Guardian is reporting that a person with high-level access within Medibank’s systems had their credentials stolen and placed for sale on a Russian-language cybercrime forum.
Hackers then reportedly bought this information and used it to establish two ‘backdoors’ into Medibank’s network, which were eventually used as part of the attack.
Meanwhile, Nine Newspapers is reporting that the hackers have threatened to release the information of 1000 high-profile Australians if their demands, which have not been publicly disclosed, are not met.
Log in below to join the conversation.
cyber security data breach Medibank
Login to comment
Terms and conditions | Privacy statement | RACGP | recruitGP | AJGP
© 2018 The Royal Australian College of General Practitioners (RACGP) ABN 34 000 223 807