Medibank Acknowledges Data Breach Including Medical DataMinister for Home Affairs O'Neil Likens Hackers to Dogs
Ransomware hackers stole up to 200 gigabytes from Australian insurer Medibank, a data set that includes identifying information and medical diagnoses.
The company, Australia's largest private health insurer with 3.9 million customers, has over the course of a week transformed from being confident that it repelled hackers to being apologetic after disclosing Thursday that the incident it first detected Oct. 12 is a data breach.
Medibank now says it's been contacted by a criminal claiming to have taken 200 gigabytes worth of data from the company - sharing as proof records from 100 policies that contain information such as diagnostic codes, full names and addresses, and the location of medical service delivery. The company says the hacker claims to also have obtained payment card data, but it hasn't verified the claim's veracity. Customer-facing systems remain online but may be temporarily disrupted by security operations.
Australian Federal Police are investigating, said Clare O'Neil, Minister for Home Affairs. She likened the hacker's extortion demand for payment in return for not publishing the records online to "a dog act."
"The toughest and smartest people in the Australian government are working directly with Medibank," she added.
O'Neil acknowledged the company had initially informed the government that no data breach occurred. In a large organization with a "complex technological system, it takes a bit of time to understand what has changed in that system in the event of an attack," the minister said.
The insurer said it has begun informing the 100 customers whose data was offered a proof of the hack and said, "We expect the number of affected customers to grow as the incident continues."
Medibank first disclosed on Oct. 13 that it had found "unusual activity" on its network the day before, leading it to pull customer-facing systems offline and suspend trading for the rest of the week. That activity was "consistent with the precursor to a ransomware event," the company said Monday in a statement in which CEO David Koczkar emphasized that the company had found no evidence of attackers having exfiltrated customer data (see: Australian Insurer Medibank Says Incident Was Ransomware).
On Wednesday, the company confirmed receiving an extortion demand and halted trading of its shares in the Australian Stock Exchange for the second time in as many weeks until Friday. Koczkar today said that the latest trading halt will continue until further notice.
The insurer says the stolen sample data set likely originated with its ahm and international students' policy management systems. Medibank acquired Australian Health Management in 2008 and continued offering insurance under the ahm brand.
“I unreservedly apologize for this crime which has been perpetrated against our customers, our people, and the broader community," Koczkar said.