December 28, 2024
Medibank Refuses to Pay Ransom After 9.7 Million Customers Exposed in Ransomware Hack
Australian health insurer Medibank today confirmed that personal data belonging to around 9.7 million of its current and former customers were accessed following a ransomware incident. The attack, according to the company, was detected in its IT network on October 12 in a manner that it said was "consistent with the precursors to a ransomware event," prompting it to isolate its systems, but not

Australian health insurer Medibank today confirmed that personal data belonging to around 9.7 million of its current and former customers were accessed following a ransomware incident.

The attack, according to the company, was detected in its IT network on October 12 in a manner that it said was “consistent with the precursors to a ransomware event,” prompting it to isolate its systems, but not before the attackers exfiltrated the data.

“This figure represents around 5.1 million Medibank customers, around 2.8 million ahm customers, and around 1.8 million international customers,” Medibank noted.

Compromised details include names, dates of birth, addresses, phone numbers, and email addresses, as well as Medicare numbers (but not expiry dates) for ahm customers, and passport numbers (but not expiry dates) and visa details for international student customers.

It further said the incident resulted in the theft of health claims data for about 160,000 Medibank customers, around 300,000 ahm customers, and around 20,000 international customers.

This category comprises service provider name, the locations where customers received certain medical services, and codes associated with diagnosis and procedures that were administered.

Medibank, however, said financial information and identity documents like drivers licenses have not been siphoned as part of the security breach and that no unusual activity was observed since October 12, 2022.

“Given the nature of this crime, unfortunately we now believe that all of the customer data accessed could have been taken by the criminal,” the company said, urging customers to be on the alert for any potential leaks.

In a standalone investor statement, the company also said it will not make any ransom payment to the threat actor, stating doing so will only encourage the attacker to extort its customers and make Australia a bigger target.