DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Health insurer Medibank enters trading halt after cyberattack, says it received communication from alleged hackers (UPDATED)

Posted on October 19, 2022 by Dissent

Nino Bucci reports:

Private health insurer Medibank has entered a trading halt after telling customers it had received messages from a group claiming to have accessed the data of its customers in a cyber-attack.

In a statement to the Australian stock exchange on Wednesday, the company said it had received messages from a group that wished to negotiate regarding the alleged removal of customer data.

Read more at The Guardian.

In related news, The Sydney Morning Herald quoted a passage from what is described as the ransom note, although the group sending the note was not named:

“We offer to start negotiations in another case we will start realizing our ideas like 1. Selling your Database to third parties 2. But before this we will take 1k most media persons from your database (criteria is: most followers, politicians, actors, bloggers, LGBT activists, drug addictive people, etc) Also we’ve found people with very interesting diagnoses. And we’ll email them their information.

Although Medibank is investigating the claims, there’s nothing in their latest update that says that the health insurer would pay or even negotiate with the threat actors if the claims of acquiring personal and sensitive information are confirmed. Some others appear to be interpreting their statement as indicating that they are negotiating (see, for example, IT Pro’s headline “Medibank begins negotiations with hackers who claim to have stolen data in last week’s cyber attack”). DataBreaches has sent an inquiry to Medibank’s media communications team to request clarification, but no reply was immediately received. This post will be updated when a response is received, or Medibank issues further clarification.

Medibank’s update states that the attack did not involve locking Medibank’s files, so the most compelling motivation for Medibank to pay would be to protect sensitive information on plan members.

Update:

In a statement sent to DataBreaches, Medibank provided details about communications from the threat actors, stating that they have been contacted by a criminal claiming to have stolen 200GB of data.

  • The criminal has provided a sample of records for 100 policies which we believe has come from our ahm and international student systems.
  • That data includes first names and surnames, addresses, dates of birth, Medicare numbers, policy numbers, phone numbers and some claims data.
  • This claims data includes the location of where a customer received medical services, and codes relating to their diagnosis and procedures.
  • The criminal claims to have stolen other information, including data related to credit card security, which has not yet been verified by our investigations.

In terms of what Medibank is currently doing, they write:

Medibank teams continue to work around the clock to understand what additional customer data has been affected, and how this will impact them.

This morning we will commence making direct contact with the affected customers to inform them of this latest development, and to provide support and guidance on what to do next.

We expect the number of affected customers to grow as the incident continues.

We will continue to contact affected customers.

Medibank urges our customers to remain vigilant, and encourages them to seek independent advice from trusted sources, including the Australian Cyber Security Centre at cyber.gov.au

If they expect the number of affected customers to grow, it does not sound like they expect to reach a deal with the criminal, but DataBreaches notes that they did not directly answer the question DataBreaches had put to them about whether there were any negotiations.

For customer support, they offer the following:

To reduce wait times for our customers, we have redeployed our people to support new cyber response hotlines in our call centres.

Medibank and ahm customers can contact us by phone (for ahm customers 13 42 46 and for Medibank customers 13 23 31) or visit the information page on the website for any updates.

Our customers can also speak to Medibank’s experienced and qualified mental health professionals 24/7 over the phone to discuss any mental health questions or issues.

Medibank is in discussions with government stakeholders about what else we can do to assist our customers in safeguarding their identities and health information, and we will be in touch with customers about those steps directly.

Related posts:

  • Medibank updates incident report; customer data also affected
  • Hackers release Australian health insurer’s customer data
  • AU: Medibank’s latest update reveals more woes; My Home Hospital patient info accessed
Category: Health DataMalwareNon-U.S.

Post navigation

← In Germany, ransomware attack halts circulation of some newspapers; country’s cybersecurity chief fired over possible ties to Russian intelligence
Vinomofo data breach: 500,000 customers at risk after wine dealer hit by cyber-attack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data
  • Sacred Secrets: The Biblical Case for Privacy and Data Protection
  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.