Following a ransomware hack, Australian health insurer Medibank acknowledged that access to the personal information of roughly 9.7 million of its current and former clients was made possible.

The company claims that the attack was discovered on October 12. In its IT network in a way that was “consistent with the precursors to a ransomware event. That led it to isolate its systems, but not before the attackers stole the data.

According to Medibank, “This statistic covers approximately 5.1 million Medibank customers, approximately 2.8 million ahm consumers. It included approximately 1.8 million overseas clients.”

Names, dates of birth, addresses, phone numbers, email addresses, and Medicare numbers (but not expiration dates) for ahm customers. Also, passport numbers (but not expiration dates), and visa information for international student customers are among the compromised details.

It added that the loss of health claims data for roughly 160,000 Medibank customers, about 300,000 ahm customers. And about 20,000 foreign consumers were the result of the incident.

This category includes the name of the service provider and the locations where patients received certain medical treatments. And the diagnostic and procedural codes that were used.

However, according to Medibank, no suspicious activity has been noticed after October 12, 2022. The financial information and identity documents like driver’s licenses have not been stolen as a result of the security breach.

The business warned clients to be on the lookout for any potential leaks, saying, “Given the nature of this crime, unfortunately, we now fear that all of the customer data accessible could have been seized by the perpetrator.”

The business also stated in a separate investor statement that it will not pay the threat actor’s demanded ransom since doing so would simply encourage the attacker to blackmail its customers and make Australia a bigger target.