Credit: Medibank
Health insurance company Medibank has become the latest Australian victim of cyber attackers after discovering “unusual activity” on its systems.
The publicly listed insurer told shareholders and its 3.9 million customers that it detected suspicious behaviour on its network on 12 October and has taken some of its systems offline to minimise the system damage or data loss.
Medibank claimed there is no evidence that any sensitive data, including customer data, has been accessed, but said its subsidiary ahm and international student policy management systems have been taken offline.
The company said it had also engaged specialist cyber security firms to deal with the incident, adding that the aforementioned systems would likely remain offline throughout 13 October.
“I apologise and acknowledge that in the current environment this news may make people concerned,” Medibank CEO David Koczkar said.
"Our highest priority is resolving this matter as transparently and quickly as possible. We will continue to take decisive action to protect Medibank Group customers and our people.
“We recognise the significant responsibility we have to the people who rely on us to look after their health and wellbeing and whose data we hold. We are working around the clock to understand the full nature of the incident, and any additional impact this incident may have on our customers, our people and our broader ecosystem."
Investigations are ongoing and Medibank will provide regular updates, the company added. Its health services will continue to be available to customers, including their ability to access health providers.
The potential breach follows Australia’s biggest ever cyber breach when the personal details of up to 10 million Optus customers were exposed to hackers, which was first announced on 22 September.
Shortly after, another Australian-based business owned by Singtel suffered a data breach, with The Dialog Group's clients and employees affected.
In response to Optus' breach, the Australian Computer Society (ACS) has backed up calls from the federal government to reform current privacy and cyber security laws.
On 28 September, Prime Minister Anthony Albanese said in Parliament that the Optus breach, which included drivers’ licence numbers and passport numbers, “should never have happened”.
