The threat actor responsible for a cyberattack on Medibank, an Australian health insurance provider, acknowledged having access to at least 4 million members’ personal data. Personal information of Medibank clients compromised by a cyberattack.
Despite Medibank’s initial claim that there was “no evidence that customer data has been accessed,” an investigation conducted a week later reveals that the threat actor had access to all personal information belonging to Medibank customers as well as sizable amounts of information related to health claims. Personal information of Medibank clients compromised by a cyberattack.
Also read, Ransomware assault confirmed by Australian insurance company Medibank
Stolen data of Medibank clients
According to the cybercrime investigation, the offender had access to:
All ahm customers’ personal information as well as a sizable amount of health claim information
Personal information on every international student customer as well as a sizable amount of health claim information.
All Medibank clients’ personal information as well as a sizable amount of health claim information
Although the threat actor who claims to have taken 200GB of data has contacted Medibank. This does not necessarily mean that all of this data have been stolen. They offered a sample of 100 policy records, which are thought to originate from the international student and ahm systems.
The example data that is offered consists of first and last names, addresses, birthdates, Medicare numbers, insurance policy numbers, phone numbers, and some claim information. The location of the patient’s medical facility as well as the diagnosis and procedure codes are also included.
It has not yet been confirmed whether the attackers took other data, including information about the security of credit cards.
Not just existing clients
In order to inform the impacted customers of this most recent change and to offer help and advice on what to do next. Medibank has agreed to start making direct contact with them. The fact that not all those impacted are current clients could bring some surprises. Due to Australian law’s requirement that Medibank retains data from previous clients, this breach may have affected former consumers. The company is required by applicable legislation in the nation to maintain the health information of adults for a minimum of seven years. And of individuals under the age of 18 for a minimum of twenty-five years.
Now, what Medibank customers should do?
Customers of Medibank and ahm can call Medibank at (13 42 46 for ahm customers and 13 23 31 for Medibank customers) or check the information page on the company’s website for any updates.
It is difficult to determine whether your data have been stolen until the investigation has confirmed the entire nature of the stolen data. International students have been reportedly impacted thus far, it has been confirmed. Since private health insurance is necessary to begin studies in Australia, there are a lot of them.
- Financial assistance for clients who, as a result of this crime, are particularly vulnerable. They will receive individualized support.
- For clients whose primary ID has been hacked, free identity monitoring services
- reimbursement of costs associated with issuing identity documents again after they were completely compromised in this crime
Additionally, they provide access to:
- IDCARE‘s expert guidance and resources for identity protection
- The mental health and wellbeing hotline for Medibank
On the portal for the cybersecurity incident maintained by Medibank, you may find this and any updated information.
As is customary when personal information has been compromised, it is wise to exercise increased caution when it comes to phishing attempts that may very well use part of the stolen data to gain credibility.
