“We will not pay a ransom”: Medibank cyberattack impacts 9.7m customers

“We will not pay a ransom”: Medibank cyberattack impacts 9.7m customers

Private health insurer Medibank (ASX: MPL) has announced today it will not pay ransom for the data theft of its 9.7 million current and former customers, instead warning Australians they may be contacted by criminals or see their data published online.

Medibank shares rose 2.3 per cent following the declaration, although they are still down 18 per cent from when the issue first came to light.

The update comes more than two weeks after the company said it was contacted by a criminal regarding the stolen data, which has now been confirmed to affect roughly 5.1 million Medibank customers, 2.8 million ahm customers and 1.8 million international customers.

International students also had their passport numbers and visa details accessed.

“Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published,” Medibank CEO David Koczkar said.

“In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target.”

“It is for these reasons we have decided we will not pay a ransom for this event.”

The attack also saw the hacker gain access health claims data for roughly 160,000 Medibank customers, 300,000 ahm customers and 20,000 international customers. This includes service provider name and location, where customers received certain medical services, and codes associated with diagnosis and procedures administered.

The breach also targeted the public health system, with 5,200 My Home Hospital customers in South Australia having their personal and health claims data accessed. Around 2,900 next of kin of these patients also had some contact details stolen.

Medibank, which does not have cyber insurance, estimates the breach could cost between $25 million to $35 million, excluding costs accrued in remediation or legal fees.

“We take seriously our responsibility to safeguard our customers,” Koczkar said.

“The weaponisation of their private information in an effort to extort payment is malicious, and it is an attack on the most vulnerable members of our community.

“Medibank will also commission an external review to ensure that we learn from this event and continue to strengthen our ability to safeguard our customers.”

The update comes three days after eco-friendly online retailer Flora & Fauna – which was acquired by BWX last year for $26 million – identified that malicious code inserted into its website may have resulted in customer credit card numbers and expiry dates being shared to an unauthorised third party.

Approximately 2,500 Flora & Fauna customers who accessed the website between 13 August 2022 and 29 September 2022 have been notified of the possibility that their credit card number and expiry date were stolen.

BWX does not anticipate a material impact on its business due to the incident, although it has been suspended from trading since August given it still has not delivered audited financial results for FY22.

Help us deliver quality journalism to you.
As a free and independent news site providing daily updates
during a period of unprecedented challenges for businesses everywhere
we call on your support

Deliver on sustainable business promises with Modern Group’s WincovER rating
Partner Content
As a business owner, you’ll know that sustainability is a core part of developing...
Modern Group
Advertisement

Related Stories

Balmain Leagues Club $500m redevelopment with Rozelle Village planned to start by mid-2023

Balmain Leagues Club $500m redevelopment with Rozelle Village planned to start by mid-2023

Chinese developer Heworth has rejigged its plans for the redevelopm...

Butter Insurance raises $1.3m to roll out insurance-at-checkout vision

Butter Insurance raises $1.3m to roll out insurance-at-checkout vision

Sydney-based insurtech Butter Insurance is gearing up for its natio...

TMG Developments looks to sell Sydney's iconic Manly Wharf

TMG Developments looks to sell Sydney's iconic Manly Wharf

The family-owned company that redeveloped the Manly Wharf as a food...

Ellume plucked out of administration by rapid test competitor for $57m

Ellume plucked out of administration by rapid test competitor for $57m

Brisbane-based rapid COVID-19 test maker Ellume has been plucked ou...