Medibank, one of the largest private health insurance providers in Australia, has issued a statement informing customers that it suffered a cyber-intrusion, causing it to restrict some access to its services.
Medibank, which covers around 3.7 million people as of last year, operates as a publicly listed company on the Australian Securities Exchange. It is the parent company of ahm, which covers health, travel, cars, homes and even pets.
On the morning of October 13, the insurer issued a statement saying it “detected unusual activity on its network.” The discovery prompted its IT staff to take immediate steps to contain the incident, as well as to engage expert help from the cybersecurity sector.
“At this stage there is no evidence that any sensitive data, including customer data, has been accessed,” the company stressed at the time – a statement it still holds to today, as investigations into the breach continue.
As part of the response, Medibank isolated and removed access to some customer-facing systems “to reduce the likelihood of damage to systems or data loss.”
This type of wording is nearly synonymous with ransomware, yet Medibank stops short of saying exactly what kind of cyber threat it is dealing with.
“As Medibank continues to take decisive action in response to the ongoing cyber incident, temporary disruptions to services may occur,” says an update posted to the cyber-incident page set up to keep customers informed.
“While our investigation is continuing, at this stage we have found no evidence that our customer data has been accessed,” Medibank emphasizes. “We remain focused on taking all steps required to contain the incident and ensure the ongoing security of our customers, our people and stakeholder information and the delivery of our services.”
The insurer has already sent around 3.7 million emails to current and former Medibank and ahm customers, as well as text messages to customers who prefer communication by SMS.
The company has notified a plurality of regulators and key stakeholders about the incident, including the Australian Cyber Security Centre, APRA, the Office of the Australian Information Commissioner, Private Health Insurance Ombudsman, the Department of Health and the Department of Home Affairs.
Emily Ritchie, senior executive of External Affairs at Medibank, admits “we don’t have all the answers yet,” adding that the group’s focus right now is to protect both customers and staff from any ripples this incident might cause.
Medibank also says there’s nothing customers need to do at this point. However, if a company you do business with gets breached, it’s always advisable to be wary of any unsolicited communications asking for your personal data, access credentials or financial information.
Bitdefender Identity Theft Protection offers continuous monitoring of your identity, privacy and credit status and displays instant alerts when your personal information is at risk.
tags
Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
View all postsDecember 19, 2024
November 14, 2024