Damage from Medibank hack ‘potentially irreparable’, Cyber Security Minister Clare O’Neil says
Cyber Security Minister Clare O’Neil says the damage from the Medibank cyber attack is “potentially irreparable” after the company revealed the hack was even worse than thought last week.
Speaking in parliament during question time, O’Neil gave a grim warning about the severity of the cyber attack.
“One of the reasons why the government is so worried about this is because of the nature of the data that’s been held here,” she said.
“In a lot of cyber attacks, our big fears are around identity theft… ultimately something can usually be done to protect consumers. We can replace bank cards.
“When it comes to the personal health information of Australians, the damage here is potentially irreparable.
“Australians who are struggling with mental health conditions, drug and alcohol addiction, with diseases that carry some shame or embarrassment, they are entitled to keep that information private and confidential.
“For a cybercriminal to hang this over the heads of Australians is a dog act. It is scum of the earth, lowest of the low territory.”
O’Neil said the government was working to protect victims of the attack and track down the perpetrators.
“The AFP are leading a criminal investigation into the matter,” she told parliament.
“Services Australia and the Department of Health are working to protect the government information that may be exposed here.
“Services Australia has done an immense amount of work to protect their own network which has an interaction with Medibank.”
Earlier on Tuesday, Medibank, which is Australia’s largest private health insurance company, said its update was “a distressing development”, after initially assuring the federal government that no sensitive personal information was taken during the cyber hack, first detected on October 12.
“It has become clear that the criminal has taken data that now includes Medibank customer data, in addition to that of (health insurance business) ahm and international student customers,” the company said in a statement.
It has emerged as much as 200 gigabytes of data was stolen from its servers, including highly sensitive medical details and diagnoses of customers.
Today, the insurer said the hackers had shared another 1000 ahm customer files, adding to the 100 customers it confirmed last Thursday.
Medibank said it was “too soon” to know the full extent of customer data stolen, the total number of victims or specifically what information was taken.
“As we continue to investigate the scale of this cybercrime, we expect the number of affected customers to grow as this unfolds.”
Medibank boss David Koczkar apologised “unreservedly” and said the insurer is working with the government and AFP in their investigation.
“This is a malicious attack that has been committed by criminals with a view of causing maximum fear and damage, especially to the most vulnerable members of our community.”
In the aftermath of the attack, Medibank is suspending premium increases, initially planned for this month, until next year.
Medibank is the latest high-profile Australian business to be hit by hackers in a major breach.