Medibank hackers threaten to release customer data

Share

Minister for Cyber Security Clare O’Neil states that the Medibank hackers’ threats to release stolen personal health information are a “dog act”. 

The health insurer recently revealed it had received messages from the alleged hackers claiming they had removed customer data, less than a week after it experienced a cyber security breach. 

The alleged hacker claimed to have stolen 200Gb of data – including names, addresses, dates of birth and Medicare and phone numbers – along with locations of where customers got medical treatment and, importantly, information about diagnoses and procedures. 

Minister O’Neil said the hackers were trying to negotiate with Medibank while holding the information hostage. 

“Financial crime is a terrible thing, but ultimately a credit card can be replaced … The threat being made here, to make the private, personal health information of Australians available to the public, is a dog act,” she said. 

“The toughest and smartest people in the Australian government are working directly with Medibank to try to ensure this horrendous criminal act does not turn into what could be irreparable harm.” 

An investigation has been launched, with federal government agencies working alongside Medibank.  

The health insurer says affected customers were contacted beginning on Thursday morning, adding they expect the number of people involved to grow. 

Medibank chief executive David Koczkar unreservedly apologised to everyone affected by the incident. 

“I know many will be disappointed with Medibank and I acknowledge that disappointment,” he said. 

“We will learn from this incident and will share our learnings with others … Medibank will remain open and transparent and will continue to provide comprehensive updates as often as we can and need to.” 

The federal government says the Medibank hack, following the recent widespread data breach at telecommunications company Optus, is a wake-up call for business. 

Minister O’Neil said agencies were working to stop the data from being released on the internet. 

“This is the new world that we live in. We are going to be under relentless cyber attacks essentially from here on in,” she said. 

“We need to do a lot better as a country to make sure that we are doing everything we can within organisations to protect customer data and also for citizens to be doing everything they can.” 

Minister O’Neil said it was too early to tell how many customers had been affected by the Medibank hack after speaking with the insurer’s CEO. 

It is now working alongside federal police and the Australian Signals Directorate to manage the breach. 

The Australian Securities Exchange-listed Medibank went into a trading halt after it was contacted by the alleged hackers. 

 With AAP