Sign Up
..... Australian Property Network. It's All About Property!
Categories

Posted: 2022-11-07 07:32:03

Shane Bell, a cybersecurity expert with McGrathNicol, backed Medibank’s stance.

“There’s absolutely zero verification provided back to you that they will do what they say they’ll do,” he said.

“You’re taking them at face value. They say they’ll delete the data, and not publish it, but in my experience they won’t provide it back to you even if you ask.”

Koczkar said the group was unaware of any cases where the hack has been linked to cybercrime directed against customers, but it was bracing for the possibility that this exploitation might now start with its refusal to pay.

This could occur via the publishing of customer data online or an attempt to contact customers directly.

“I encourage any customer who actually has their data compromised – because we have no evidence of that data being released externally – then please get in touch with us. Or, with the government through Report Cyber,” he said.

The hackers have threatened to sell 200 gigabytes of stolen data unless Medibank paid a ransom.

The hackers have threatened to sell 200 gigabytes of stolen data unless Medibank paid a ransom. Credit:AP

The update from Medibank said basic customer information of 9.7 million current and former customers was accessed, but it was able to narrow down the number of customers who had their private health information accessed to less than 500,000.

This includes 160,000 Medibank customers, about 300,000 customers of its budget ahm brand, and about 20,000 international customers.

The group said this included service provider name and location, where customers received certain medical services, and codes associated with diagnosis and procedures administered. Additionally, about 5200 My Home Hospital (MHH) patients have had some personal and health claims data accessed and about 2900 next of kin of these patients have had some contact details accessed.

Loading

Medibank said the data accessed for all 9.7 million current and former customers consisted of customer name, date of birth, address, phone number and email addresses. It represents about 5.1 million Medibank customers, about 2.8 million ahm customers and about1.8 million international customers

The company reiterated that no credit card details were stolen.

It might not be enough to convince customers that Medibank is worth staying with.

Sutherland resident Gary Laing, 61, has been with Medibank since he was 18 and found out about the hack while listening to Sydney’s radio 2GB.

Laing received two emails from Medibank saying his information was “safe” but he is less than convinced, labelling the breach of his private details as “disgusting”.

Gary Laing, 61, has been a Medibank Private customer for decades.

Gary Laing, 61, has been a Medibank Private customer for decades. Credit:Fairfax Media

After years of loyalty to the insurance provider, Laing is expecting some level of compensation.

“I’m waiting on a law firm to start a class action against them,” he said.

“I won’t move [providers] at the moment but will consider it if no compensation is paid to us.”

Loading

On Monday, Medibank also announced it would commission an external review with more details to be announced in the near future.

“Medibank commits to sharing the key outcomes of the review, where appropriate, having regard to interests of its customers and stakeholders and the ongoing nature of the Australian Federal Police investigation.”

An update could come as early as the company’s annual shareholder meeting next week.

Medibank first revealed the cyber incident last month, but initially said there was no evidence customer data had been accessed. This escalated the following week when Medibank received a ransom note from the hackers, which was also sent to The Sydney Morning Herald and The Age.

The unknown group said it would sell 200 gigabytes of stolen data unless Medibank paid a ransom. The hackers also threatened to release confidential records of Medibank’s 1000 most famous customers.

The cyberattack is the subject of an Australian Federal Police investigation.

Koczkar said last month the company continued to work closely with agencies of the federal government, including the ongoing criminal investigation into this matter.

“This is a malicious attack that has been committed by criminals with a view of causing maximum fear and damage, especially to the most vulnerable members of our community,” he said.

Loading

Ratings agency Fitch said the Medibank cyberattack underscored that financial institutions and corporates with large amounts of sensitive client data were at higher risk. But the agency highlighted the fact that Australian companies were particularly vulnerable to attack.

“In Australia, the lack of sufficient penalties and accountability has made organisations more attractive targets and underlines a demand for a more comprehensive and vigorous approach,” Fitch said in a report on Friday.

The Business Briefing newsletter delivers major stories, exclusive coverage and expert opinion. Sign up to get it every weekday morning.

View More
  • 0 Comment(s)
Captcha Challenge
Reload Image
Type in the verification code above