Private health insurance provider Medibank hit by ‘cyber incident’
One of the largest Australian private health insurance providers has been hit by a “cyber incident”.
Medibank Group detected unusual activity on its network on Wednesday and subsequently took immediate steps to contain the incident.
“At this stage there is no evidence that any sensitive data, including customer data, has been accessed,” Medibank said in a statement.
“As part of our response to this incident, Medibank will be isolating and removing access to some customer-facing systems to reduce the likelihood of damage to systems or data loss.”
“As a result our ahm and international student policy management systems have been taken offline. We expect these systems to be offline for most of the day.”
Medibank advised this would cause “regrettable disruptions” for some customers.
Medibank chief executive David Koczkar recognised the news may “concern” some people in the wake of the recent Optus data breach.
“I apologise and acknowledge that in the current environment this news may make people concerned,” he said.
“Our highest priority is resolving this matter as transparently and quickly as possible.
“We will continue to take decisive action to protect Medibank Group customers and our people.
“We recognise the significant responsibility we have to the people who rely on us to look after their health and wellbeing and whose data we hold.
“We are working around the clock to understand the full nature of the incident, and any additional impact this incident may have on our customers, our people and our broader ecosystem.”
Investigations are ongoing, with Medibank committing to providing regular updates.
“As we continue to investigate this incident, our priorities are to ensure the ongoing security of customers, our employees, and stakeholder information, and the continued delivery of Medibank services,” it said in a statement.
It comes after around 9.8 million Australians had their data accessed in the major cyber attack, including addresses, passport numbers and drivers licence information.
Optus confirmed that there were 1.2 million customers who had at least one form of current and valid identification accessed by the hackers, while 900,000 had expired ID stolen.
A 19-year-old Sydney man was charged last week over an alleged SMS scam he ran using information from the data breach.