Private insurer Medibank’s app, stores, contact centre and IT systems will go dark this weekend as it overhauls its cybersecurity following the nation’s worst data breach in corporate history.
From 8.30pm AEDT on Friday, Australia’s largest health insurer will shut down its IT systems followed by retail store and customer contact centre closures on Saturday to “further strengthen systems and enhance security protections”. The ASX-listed company expects normal activity to resume by Sunday at the latest.
Microsoft IT security experts from the Asia-Pacific region will travel to Medibank’s Melbourne headquarters to assist with the operation, which was said to have been planned over several weeks and will be Medibank’s first shutdown of such scale.
The overhaul is part of a series of maintenance strategies, termed “Operation Safeguard”, established after the personal information of up to 10 million current and former Medibank customers was breached in a cyberattack.
The data was released on the dark web when Medibank refused to pay a $15 million ransom demanded by the hackers, who police have said were based in Russia. The company said the damaging cyberattack will cost the firm at least $35 million in initial recovery costs, though that is likely to grow as law firms and regulators circle.
Loading
A Medibank spokesperson said although there had been “no further suspicious activity” detected inside its systems since October, the insurer was carrying out further maintenance to strengthen its online security.
Since the hack, Medibank has bolstered monitoring, added detection and forensics capability across its system, and scaled up analytical support via specialist third parties. It also recently introduced two-factor authentication – where access is granted only after providing a code sent to one’s email or SMS – in Medibank contact centres to increase the level of security for customers when calling for support.
During the shutdown, customers will be unable to access services for Medibank and its discount ahm brand online or in person, and instant electronic health claims will be unavailable. However, Medicare-owned healthcare service Amplar Health, including the 24/7 critical health support lines, will continue operating.