Australia’s leading health insurer, Medibank Private Ltd, has said that a hacker compromised the data of all of the company’s 3.9 million customers. Medibank covers a sixth of the country’s entire population, and the attack comes just one month after Australian telecommunications company Optus was breached in a similar fashion. All personal data and a significant amount of health claims data were compromised, and Medibank is still working to identify the specific data that was stolen.
The culprit behind the data breach has demanded a ransom, threatening to expose the diagnoses and treatments of high-profile customers. Medibank’s Chief Executive released an apology to customers and said, “This is a crime designed to cause maximum harm to the most vulnerable members of our community.” The company has reiterated that it will continue to monitor for any further suspicious activity and added that every point of breach it has identified is now closed.
The Australian government has recently been working to strengthen privacy rules following the Optus data breach. It has also become very critical of companies that collect more customer data than is necessary in an attempt to make more money in ways unrelated to the services the information was provided for. Under proposed amendments, the penalties for serious breaches of the Privacy Act would rise to 50 million Australian dollars for companies on the receiving end of such data breaches.
Medibank has withdrawn its fiscal 2023 policyholder growth forecast as shares in the company have fallen over 14% after the breach.