Australia has suffered another highly damaging data breach, after that country’s leading health insurer was hacked.

Medibank Private confirmed on Thursday a ‘cyber incident’, which it said was being investigated by the Australian Federal Police as a crime.

Unfortunately, it seems that hackers have stolen 200GB of Australian patient data, including names, addresses, phone numbers, dates of birth, financial data, and in some case actual medical data.

Medibank hack

“Medibank has been contacted by a criminal claiming to have stolen data and who has provided a sample of records for 100 policies which we believe has come from our ahm and international student systems,” the firm stated.

“The criminal also claims to have stolen other information, including data related to credit card security,” it added. “This has not yet been verified by our investigations.”

The health insurer said it working around the clock to understand what additional customer data has been affected and how this will impact them.

“We are making direct contact with the affected customers to inform them of this latest development, and to provide support and guidance on what to do next,” the firm stated. “We expect the number of affected customers to grow as the incident continues.”

Medibank urged customers to remain vigilant, and encouraged them to seek independent advice from trusted sources, including the Australian Cyber Security Centre at cyber.gov.au

It also said it would never contact customers requesting passwords or other sensitive information.

“Medibank is in discussions with government stakeholders about what else we can do to assist our customers in safeguarding their identities and health information, and we will be in touch with customers about those steps directly,” it said.

Medical records

This breach is potentially huge, as Medibank Private covers one-sixth of Australians.

The country only has a population of 25 million, meaning potentially 4 million people have been impact.

Until now the concern has centred around the risk the hackers would use stolen financial data to access people’s bank accounts.

However the Sydney Morning Herald reported that it obtained a message from a person claiming to be the Medibank hacker, who reportedly threatened to publish confidential medical records of high-profile individuals unless the person was paid.

Compromises of medical data has happened before.

In 2019 for example, a nation state hacker compromised Singapore’s government health database and stole the medical records of at least 1.5 million people, including the medical records of Prime Minister Lee Hsien Loong.

Optus hack

News of the Medibank Private comes hot on the heels of the hack of Australia’s second largest mobile operator Optus, owned by Singapore Telecommunications Ltd.

The breach of Optus impacted up to 10 million Australians and stolen data included customers’ names, dates of birth, phone numbers, email addresses, and, for a subset of customers, addresses, ID document numbers such as driver’s licence or passport numbers.

The Australia government did not hold back on making its anger at the breach known, and demanded that Singapore Telecommunications must pay for replacement ID documents including passports, which the firm agreed to do.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

NHS Staff Say New Tech Will Treat Extra 18.6 Million Patients A Year

Research from Virgin Media O2 Business finds majority of NHS staff believe new tech will…

5 hours ago

Alphabet Q2 Beats Expectations, But Shares Dip

Despite share buyback and positive Q2 results, Alphabet's share price falls over YouTube slowdown and…

5 hours ago

Google Cancels Plan To Axe Third Party Cookies For Chrome Browser

Better switch to Firefox? After years of delays, Google performs u-turn and will no longer…

7 hours ago

Meta Releases Open Source Llama 3.1 AI Model

Release of latest AI model, Llama 405B, offers improved reasoning capabilities especially for math and…

8 hours ago

Microsoft Blames 2009 EU Agreement For World’s Biggest IT Outage

Redmond says EU deal gave CrowdStrike the keys to the Windows kernel, allowing last week's…

11 hours ago