cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Private health insurer Medibank investigates possible hack

After detecting “unusual activity” on its network, the Medibank Group has engaged specialist cyber security firms to investigate the incident.

user icon Nastasha Tupas
Thu, 13 Oct 2022
Private health insurer Medibank investigates possible hack
expand image

Medibank has released a statement that it will be isolating and removing access to some customer-facing systems to reduce the likelihood of damage to systems or data loss.

The private health insurer has ensured customers that its highest priority is to resolve the matter as transparently and quickly as possible, with David Koczkar, Medibank CEO, confirming that action has been taken to contain the security incident in order to protect the data the company has on file.

"I apologise and acknowledge that in the current environment, this news may make people concerned.


Investigations are ongoing and Medibank has stated it will provide regular updates. In the meantime, the private health insurer's 3.9 million customers will be waiting to learn if their private information has been stolen in the security breach.

"We recognise the significant responsibility we have to the people who rely on us to look after their health and wellbeing and whose data we hold.

"We are working around the clock to understand the full nature of the incident, and any additional impact this incident may have on our customers, our people and our broader ecosystem."

According to Ajay Unni, cyber security expert and founder of StickmanCyber, it is encouraging to see large organisations like Medibank coming forward and taking accountability for cyber attacks and data breaches.

"Being on the front foot and taking action, even when it may be disruptive to business, along with keeping customers and the public up-to-date is a step in the right direction.

"Insurers like Medibank are valuable targets for malicious cyber activity thanks to the highly sensitive personal information, financial data and health records that they hold," Unni said.

"Businesses regardless of their size and scale, need to at least inform the Office of the Australian Information Commission(er) of a suspected or confirmed breach while also requesting assistance from Australian Cyber Security Centre and any third parties who can help with the investigation and remediation.

"Communication is key in any incident including cyber, or the public will speculate and draw their own conclusions leading to erroneous information being circulated," Unni added.

At this stage, Medibank has not disclosed further details of the "unusual activity" but noted no evidence that any sensitive data, including customer data, has been accessed.

In a statement on the Medibank website, the private health insurer has informed customers of a few precautionary actions that it has taken.

"As a result our ahm and international student policy management systems have been taken offline.

"We expect these systems to be offline for most of the day.

"This will cause regrettable disruptions for some of our customers. Ahm and international student customers will still be able to contact our customer teams via phone but at this stage our people won’t be able to access policy information," the Medibank statement outlined.

Medibank's health services continue to be available to customers, which includes their ability to access their health providers, while the company works through the security incident.

"We will continue to take decisive action to protect Medibank Group customers and our people," Koczkar added.

[Related: Tertiary cyber education key to national security strategy]

Nastasha Tupas

Nastasha Tupas

Nastasha is a Journalist at Momentum Media, she reports extensively across veterans affairs, cyber security and geopolitics in the Indo-Pacific. She is a co-author of a book titled The Stories Women Journalists Tell, published by Penguin Random House. Previously, she was a Content Producer at Verizon Media, a Digital Producer for Yahoo! and Channel 7, a Digital Journalist at Sky News Australia, as well as a Website Manager and Digital Producer at SBS Australia. Nastasha started her career in media as a Video Producer and Digital News Presenter at News Corp Australia.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.