Credit: Medibank
Cyber criminals have stolen 200 gigabytes of sensitive information, including medical details, from the private health insurer Medibank.
The publicly listed insurer entered a trading halt on 19 October before telling customers and shareholders it had been contacted by a criminal claiming to be in possession of the data.
According to Medibank, the data includes first names and surnames, addresses, dates of birth, Medicare numbers, policy numbers, phone numbers and some claims data.
The claims data also includes the location of where a customer received medical services, and codes relating to their diagnosis and procedures.
The criminal, which provided a sample of records for 100 policies allegedly from Medibank’s ahm and international student systems, claims to have stolen other information, including data related to credit card security.
However, these have not yet been verified by Medibank’s investigations, the insurer said.
The cyber incident is now the subject of an investigation by the Australian Federal Police and Medibank said it is in the process of contacting customers.
“We expect the number of affected customers to grow as the incident continues,” Medibank told shareholders. “We will continue to contact affected customers. Medibank urges our customers to remain vigilant and encourages them to seek independent advice from trusted sources, including the Australian Cyber Security Centre at cyber.gov.au
“As always, Medibank will never contact customers requesting passwords or other sensitive information.”
Medibank said it had first detected suspicious activity on 12 October, taking its student and ahm systems offline immediately and enlisting external cyber experts to assist.
Following the report, cyber security minister Clare O’Neil has warned of a world “under relentless cyber-attack".
Speaking on ABC radio on 2 October, O’Neil said: “What it means is that we need to do a lot better as a country to make sure that we are doing everything we can within organisations to protect customer data, and also for citizens to be doing everything that they can.”
