Updated 8 November, 2022 –
In a blog post this morning, the Medibank attacker(s) have posted a brief blog to threaten “data will be publish in 24 hours” and “P.S. I recommend to sell medibank stocks.”
The blog has provided a link to a satirical Medibank piece by the ABC’s Mark Humphries which aired ten days ago- YouTube video
7 November, 2022 –
In a statement released this morning, Medibank says that no ransom payment will be made to the criminal responsible for this data theft.
Medibank CEO David Koczkar said we again unreservedly apologise to our customers and recognise the distress this cybercrime has caused. Mr Koczkar said: “Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published. In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target.”
“It is for these reasons we have decided we will not pay a ransom for this event,” he said. “Based on our investigation to date into this cybercrime we currently believe the criminal:
- Accessed the name, date of birth, address, phone number and email address for around 9.7 million current and former customers and some of their authorised representatives. This figure represents around 5.1 million Medibank customers, around 2.8 million ahm customers and around 1.8 million international customers
- Did not access primary identity documents, such as drivers’ licences, for Medibank and ahm resident customers. Medibank does not collect primary identity documents for resident customers except in exceptional circumstances
- Accessed Medicare numbers (but not expiry dates) for ahm customers
- Accessed passport numbers (but not expiry dates) and visa details for international student customers
- Accessed health claims data for around 160,000 Medibank customers, around 300,000 ahm customers and around 20,000 international customers. This includes service provider name and location, where customers received certain medical services, and codes associated with diagnosis and procedures administered. Additionally, around 5,200 My Home Hospital (MHH) patients have had some personal and health claims data accessed and around 2,900 next of kin of these patients have had some contact details accessed
- Accessed health provider details, including names, provider numbers and addresses
- Did not access health claims data for extras services (such as dental, physio, optical and psychology)
- Did not access credit card and banking details
The company has expanded a dedicated Cyber Response Support Program for customers to now include:
- A cybercrime health & wellbeing line (1800 644 325) – counsellors that have experience supporting vulnerable people (such as those at risk of domestic violence) and have been trained to support victims of crime and issues related to sensitive health information
- Mental health outreach service – proactive support service for customers identified as being vulnerable, or through referral from our contact centre team
- Better Minds App – new tailored preventative health advice and resources specific to cybercrime and its impact on mental health and wellbeing, including tools for managing anxiety and fear, with additional phone based psychological support available
- Personal duress alarms – for customers particularly vulnerable and/or with safety risks
The program includes:
- Hardship support for customers who are in a uniquely vulnerable position as a result of this crime which can be accessed via our contact centre team (13 23 41 for Medibank and international customers, 13 42 46 for ahm customers and 1800 081 245 for MHH patients)
- Specialist identity protection advice and resources through IDCARE’s purpose-built Medibank page
- Free identity monitoring services for customers whose identity has been compromised as a result of this crime
- Reimbursement of ID replacement fees for customers who need to replace any identity documents that have been compromised as a result of this crime
- Specialised teams to help our customers who receive scam communications or threats
The investigation is ongoing and continues to evolve. Medibank stated it will continue to provide updates as information becomes available and is verified.”