Following a ransomware incident, Australian health insurer Medibank today acknowledged that attackers gained access to the personal information of roughly 9.7 million of its current and former clients.

The company claims that the attack was discovered on October 12 in its IT network in a way that was "consistent with the precursors to a ransomware event," leading it to isolate its systems, but not before the attackers ran away with the data.

The Melbourne-based company stated that "this figure covers approximately 5.1 million Medibank clients, approximately 2.8 million AHM customers, and approximately 1.8 million foreign customers."

Among the compromised details are names, dates of birth, addresses, phone numbers, email addresses, Medicare numbers (but not expiration dates) for AHM customers, passport numbers (but not expiration dates), and visa information for international student customers. Moreover, there is a leak of health claims data for roughly 160,000 Medibank customers, about 300,000 ahm customers, and about 20,000 foreign consumers. This category includes the name of the service provider, the locations where patients received certain medical treatments, and the diagnostic and procedural codes that were used.

However, according to Medibank, no suspicious activity has been noticed after October 12, 2022, and financial information and identity documents like drivers licenses have not been stolen as a result of the security breach.

The organization warned clients to be on the lookout for any potential leaks, saying, "Given the nature of this crime, unfortunately we now fear that all of the customer data accessible could have been seized by the perpetrator."

The business also stated in a separate investor statement that it will not pay the threat actor's demanded ransom since doing so would simply encourage the attacker to blackmail its customers and make Australia a bigger target.

Sources