
Medibank Insurance Company confirms recent ransomware attack, hackers threaten to leak 200GB of personal data

Medibank Private Limited, an Australian health insurance company, has confirmed that a ransomware attack compromised its infrastructure. Although the attack temporarily disrupted service, it has been overcome and systems are back online.

One of Australia’s biggest private health insurance companies, Medibank Private Limited has 4,000 workers and serves more than 3.7 million people.

According to Medibank CEO David Koczkar, no systems had been encrypted, and no proof of any loss of user data had been detected. The company apologised for the short service disruptions, acknowledged that a ransomware attack had occurred, and informed clients that regular business activities had been restored.

In a statement, the company clarified:

As part of our response to this issue, Medibank will isolate and limit access to some customer-facing services in order to minimise the risk of system damage or data loss.

On Wednesday, October 12, the company discovered suspicious network activity and at once shut down some of its systems, mainly customer-facing services, to minimise the risk of data loss.

Medibank Email Notification to Clients

The notice gave the first assurance about the security of sensitive private data while also indicating that the investigation was continuing.

According to Medibank:

As a further precaution, we’ve put in place additional security measures across our network, and we continue to work with external cybersecurity experts and the Australian Government’s lead cyber agency, with our forensic investigation continuing.

That was then…this is now

Since the ransomware attack was confirmed and customers were reassured that no data appeared to have been stolen, hackers have claimed to have stolen 200GB of data.

  • On Thursday, Oct 20th, Medibank confirmed that a criminal had provided the company with a sample of 100 records, which it believes are from its systems.
  • The company expects that more people will be impacted as investigations continue.

Medibank holds a range of sensitive information by virtue of being a health insurance company.

Of the 100 records supplied by the hacker, Medibank says the data includes:

  • First names and surnames
  • Addresses
  • Dates of birth
  • Medicare numbers
  • Policy numbers
  • Phone numbers
  • Data from claims made to the insurer

The data also includes details about where customers received medical services and the codes relating to their diagnoses and procedures.

The hacker also claims to have credit card details; however, this has not yet been verified by Medibank.

Problems with Australia’s IT

Over the past few weeks, there have been a number of significant cybersecurity events in Australia, including data breaches at Telstra and Optus. The names of Australian Federal Police (AFP) undercover agents and operation information were also revealed via the breach of a Colombian government database.

The Australian government is expected to quickly implement stricter information security laws in reaction to such attacks. One possibility is the development of a system for preventing and responding to cyberattacks.

Ransomware attacks like the one above are often caused by employees falling victim to malicious email attacks. Help your colleagues spot online scams like these, along with phishing emails and other cyber threats by starting your Phishing Tackle security awareness training today with our two-week free trial.
