AU health insurer Medibank has been diligently providing updates on a massive data breach. With each update, they have revealed growing awareness of how much personal data has been accessed or exfiltrated. Their latest update, issued overnight, begins:
It has become clear overnight that the criminal has accessed patient information relating to My Home Hospital.
My Home Hospital is a service delivered by a joint venture between Calvary and Medibank on behalf of Wellbeing SA and the South Australian Government.
The data accessed includes personal information and some health data.
Medibank has begun directly contacting affected patients. Any patients admitted to My Home Hospital on or after 13 October 2022 have not been affected.
While Medibank has not yet determined if the data has been illegally taken from our system, we know it has been accessed.
Medibank has not named the threat actor or group, telling DataBreaches that it cannot disclose that as that is part of the Australian Federal Police (AFP) investigation.
Medibank’s incident update page currently contains this alert at the top: “My Home Hospital patients please contact 1800 081 245.”