)
Private health insurance giant Medibank (ASX: MPL) has told shareholders it is taking messages received from a group that wishes to negotiate with the company regarding the alleged removal of customer data ‘seriously’.
In a late-afternoon ASX updated posted yesterday, Medibank said the new development would likely cause concerns for customers, but confirmed that its systems had not been encrypted by ransomware.
The company, which has close to four million customers, said it was working to establish if the claim was true, but noted that based on its ongoing forensic investigation it was ‘treating the matter seriously at this time’.
“As a health company providing health insurance and health services, Medibank holds a range of necessary personal information of customers,” Medibank said.
“Medibank will continue to keep our customers updated.”
The update comes after the company told shareholders earlier this week that no customer data was removed from its servers in an attempted ransomware attack.
The company said the ‘unusual activity’ detected last week was consistent with the precursors to a ransomware event, implying the company’s cyber security systems were able to halt something potentially quite damaging to the firm.
However, following this latest update from Medibank the company has entered into a trading halt.
The insurer also said it was working with cyber security firms and the Australian Cyber Security Centre (ACSC).
“I apologise and understand this latest distressing update will concern our customers,” Medibank CEO David Koczkar said.
“We have always said that we will prioritise responding to this matter as transparently as possible. Our team has been working around the clock since we first discovered the unusual activity on our systems, and we will not stop doing that now.
“We will continue to take decisive action to protect Medibank customers, our people and other stakeholders.”
)
