More Medibank customers may have had their information stolen after the health insurance provider revealed the cyber attack on the company was wider than first thought.
Here’s what we know and what Medibank has told you to do if you’re a customer.
What was today’s update?
On Tuesday morning, Medibank confirmed that data for its main brand has also been deemed compromised.
Medibank said it had come to this conclusion after receiving customer data from criminals that included details from the three entities.
Medibank previously said the breach only affected customers of its subsidiary, ahem, and data collected on international students studying in Australia who use Medibank with its OSHC service.
what happened last week
- Medibank was hit by a cyber attack on October 13, but at the time the company said there was no evidence that sensitive data had been accessed.
- Last Wednesday, it issued a statement saying it received a message from a group claiming to be hackers
- As a result, the company halted trading on the stock market
- Cybersecurity Minister Clare O’Neil said the attack had been referred to the Australian Federal Police
- Medibank also works with the Australian Cyber Security Agency and the Australian Signals Directorate
- Last Thursday, Medibank confirmed that a criminal has provided the company with a sample of 100 records, which it believes are from its systems.
- The company expects more people to be affected as investigations continue
What should Medibank customers do?
All Medibank and ahm customers have been urged to contact the company’s cyber helplines by telephone (for ahm customers 13 42 46 and for Medibank customers 13 23 31) or via a information page on the company’s website.
Medibank has launched a dedicated cybercrime customer care package to respond to the breach which includes:
- A hardship package to provide financial support to clients who are in an exceptionally vulnerable position as a result of this crime, who will be supported individually.
- Access to Medibank’s mental health and wellbeing support line for all customers, including ahm customers
- Access to IDCARE’s specialist identity protection advice and resources
- Free identity verification services for customers who have had their primary ID compromised
- Reimbursement of the fees for the reissuance of identity documents that have been fully committed in this crime
The company has also established specialist teams to help customers who receive scam threats.
Medibank customers should email any suspicious emails or text messages to scaminvestigations@medibank.com.au, while ahm customers should email scaminvestigations@ahm.com.au.
Medibank has reminded customers to be aware of potential scams and said it will never contact customers asking for passwords or other sensitive information.
Customers can also speak to Medibank’s qualified mental health professionals 24/7 by phone for mental health or wellbeing advice or support (1800 644 325).
What do we know about what was taken?
Medibank holds a range of sensitive information by virtue of being a health insurance company.
From the records supplied by the hacker, Medibank says the data includes:
- Names and surnames
- addresses
- Dates of birth
- Medicare numbers
- Policy numbers
- Telephone numbers
- Details of claims made to the insurer
The data also includes details about where clients received medical services, codes related to their diagnosis and procedures.
The hacker also claims to have credit card details, but this has not been verified by Medibank.
How many people does it affect?
The company says it cannot yet confirm how many people have been affected by the cyber breach, but said it expects the number to rise as the investigation continues.
Who is at risk?
All Medibank and ahm customers as well as international students studying in Australia who use Medibank with their OSHC service are at risk of a data breach.
What has Medibank said about the breach?
Medibank CEO David Koczkar apologized unreservedly to customers affected by the data breach in a statement issued on Tuesday morning.
“As we continue to uncover the breadth and seriousness of this crime, we recognize that these developments will be distressing for our clients, our people and the community, as they are for me,” Koczkar said.
“We are ready to support our customers with identity, financial difficulties and mental health support.”
In response to the breach, Medibank has also postponed premium increases for Medibank and ahm customers that were scheduled to increase on 1 November 2022 to 16 January 2023.
Loading form…