Australian health insurer says data of all customers hacked

Oct 25, 2022, 7:40 AM | Updated: 8:30 pm

People walk past a Medibank branch in Sydney, Wednesday, Oct. 26, 2022. Medibank, Australia's large...

People walk past a Medibank branch in Sydney, Wednesday, Oct. 26, 2022. Medibank, Australia's largest health insurer, said a cybercriminal had hacked the personal data of all its 4 million customers as the government introduced legislation that would increase penalties for companies that fail to protect clients' private information. (AP Photo/Rick Rycroft)

(AP Photo/Rick Rycroft)

CANBERRA, Australia (AP) — Australia’s largest health insurer said on Wednesday a cybercriminal had hacked the personal data of all its 4 million customers, as the government introduced legislation that would increase penalties for companies that fail to protect clients’ private information.

Medibank said “significant amounts of health claims data” had also been accessed in the breach, which was reported to police a week ago when trade in the company’s shares was halted.

The thief has demanded ransom and has reportedly threatened to expose the diagnoses and treatments of high-profile customers.

Medibank said its priority was to discover the specific data stolen in relation to each customer and to share that information with those customers.

The company had previously said the breach was thought to be limited to its subsidiary AHM and foreign students.

“Our investigation has now established that this criminal has accessed all our private health insurance customers’ personal data and significant amounts of their health claims data,” Medibank chief executive David Koczkar said in a statement to the Australian Securities Exchange.

“This is a terrible crime – this is a crime designed to cause maximum harm to the most vulnerable members of our community,” Koczkar added, with an apology to customers.

The government has been planning urgent legislative reforms on cybersecurity regulation since a hacker stole the personal data of almost 10 million current and former customers of Optus, Australia’s second-largest wireless telecommunications carrier.

Optus became aware on Sept. 21 that personal data of more than one-third of Australia’s population of 26 million had been stolen.

In introducing amendments to the Privacy Act to Parliament on Wednesday, Attorney-General Mark Dreyfus mentioned both companies and MyDeal, an online retail intermediary that lost the data of 2.2 million customers in a hack revealed two weeks ago.

“As the Optus, Medibank and MyDeal cyberattacks have recently highlighted, data breaches have the potential to cause serious financial and emotional harm to Australians, and this is unacceptable,” Dreyfus told Parliament.

“Governments, businesses and other organizations have an obligation to protect Australians’ personal data, not to treat it as a commercial asset,” Dreyfus added.

The government is critical of companies that amass more customer data than necessary to make money from it in ways unrelated to the services for which the information was provided.

The penalties for serious breaches of the Privacy Act would increase from 2.2 million Australian dollars ($1.4 million) now to AU$50 million ($32 million) under the proposed amendments.

A company could also be fined the value of 30% of its revenues over a defined period if that amount exceeded AU$50 million ($32 million).

Medibank said on Wednesday it did not have cyber insurance and estimated the hack would reduce its earnings by between AU$25 million ($16 million) and AU$35 million ($22 million) by early next year.

The Medicare trading halt was lifted on Wednesday and shares slid more than 14% in early trading.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.


Photo: A delegate wears a hat with pins during the Republican National Convention Monday, July 15, ...

Christine Fernando, Steve People and Jill Colvin, The Associated Press

Rep. Walsh speaks for Washington as cheering GOP delegates nominate Trump for president

Cheering GOP delegates formally nominated Donald Trump for president at Monday's Republican National Convention kickoff.

3 days ago

Photo: Sen. J.D. Vance, R-Ohio, right, points toward Republican presidential candidate former Presi...

Jill Colvin, Julie Carr Smyth, Steve Peoples and Zeke Miller, The Associated Press

Trump picks Sen. JD Vance of Ohio, a once-fierce critic turned loyal ally, as his GOP running mate

Donald Trump named Sen. JD Vance of Ohio as his running mate, choosing a onetime critic who became a loyal ally.

4 days ago

trump assassination...

Ayanna Alexander, The Associated Press

What to know about Trump assassination attempt and the investigation into the shooting

Authorities want to know how a shooter was able to get on top of a roof so close to where former President Donald Trump was speaking and open fire.

4 days ago

Photo: Republican presidential candidate former President Donald Trump is surrounded by U.S. Secret...

Julie Carr Smyth, Jill Colvin, Colleen Long, Michael Balsamo, Eric Tucker and Michelle L. Price, The Associated Press

Trump heads to convention as authorities investigate motive, security in assassination attempt

Trump called for unity and resilience after an attempt on his life added fresh uncertainty to an already tumultuous presidential campaign.

4 days ago

Photo: President Joe Biden speaks from the Roosevelt Room of the White House in Washington, Sunday,...

Will Weissert and Zeke Miller, The Associated Press

In primetime address, Biden says country must not go down road of political violence

President Joe Biden says “we can’t, we must not go down” the road of political violence in America after the attempted Trump assassination.

4 days ago

Photo: President Joe Biden speaks at a news conference following the NATO Summit in Washington, Thu...

Zeke Miller, Seung Min Kim, Lisa Mascaro and Colleen Long, The Associated Press

Biden says during news conference he’s going to ‘complete the job’ despite calls to bow out

Biden used his highly anticipated news conference to deliver a defense of his policies and batted away questions about his ability to serve.

7 days ago

Australian health insurer says data of all customers hacked