Australian private health insurance provider Medibank confirmed that the cyberattack the company suffered earlier this month impacted the data of 4 million customers. In an announcement on October 26, the company shared details of the compromised data. As opposed to the earlier announcement, the latest one stated that the data of AHM customers’ including personal and health claim information, is at risk. Medibank owns Australian health management group (AHM) health insurance.
What the latest announcement said:
Accessed data
The ongoing investigation of the Medibank data breach has revealed that besides all AHM customers’ data and health claim data, all international student customers’ and Medibank customers’ data and health claim information were also breached.
Removed data
Besides access, the report added that many customers’ data was removed. Medibank stated that the number of impacted individuals is expected to rise as the investigation continues. “As we’ve continued to say, we believe that the scale of stolen customer data will be greater, and we expect that the number of affected customers could grow substantially. I apologise unreservedly to our customers. This is a terrible crime – this is a crime designed to cause maximum harm to the most vulnerable members of our community,” the CEO of Medibank, David Koczkar, said in the announcement.
As the IT systems of Medibank were not impacted or encrypted by ransomware, the operations with customers are functioning as usual. The company stated that further updates would be provided at their upcoming annual general meeting on 16 November 2022.
Support for impacted customers
Customers impacted by the data breach will have support packages to help them prevent as much damage as possible. It includes:
- Reimbursement of the fees incurred in re-issuing the identity documents that were fully exposed
- Individually provided financial support in the form of hardship packages to customers who are in a uniquely vulnerable position.
- Specialist identity protection advice and resources from IDCARE. IDCARE provides identity and cybersecurity-related help.
- Medibank’s mental health support to all its customers.
Medibank published a press release about the data breach on October 13. The press release stated that the company took its systems offline pertaining to the AHM and international student policy.
