Medibank hack: Mental and sexual health information may be leaked

Health insurance giant Medibank customers may have had deeply personal information like abortion and mental health history hacked by criminals in a major cyber security breach last week.

The stolen data includes codes for medical conditions they have been diagnosed with including their sexual health, serious diagnoses such as cancer, whether a woman has undergone a termination, and whether a person has been treated for a mental health condition or substance abuse.

It has been a nightmare month for Australian companies with the likes of telco’s Optus and Telstra and online retailer MyDeal all reporting significant customer data breaches.

While initially playing down the impact of the attack, on Wednesday the company confirmed it had been contacted by the criminals who claim to have stolen 200GB of data.

“The criminal has provided a sample of records for 100 policies which we believe has come from our ahm and international student systems,” the company said in a statement.

Data accessed by the criminals includes first and last names, phone numbers, addresses, dates of birth, Medicare numbers, policy numbers and claims data relating to medical procedures.

“The data is very specific to the procedure,” chief executive David Koczkar told the Australian.

“We know people are going to be very anxious, we absolutely hear that.”

The criminal also claims to have stolen other information, including data related to credit card security, which has not yet been verified by Medibank, the company said.

Medibank said it was in the process of notifying individual customers if their information had been affected and informing them of what steps to take.

Home Affairs Minister Clare O’Neil called the targeting of health related information a “dog act”.

“Financial crime is a terrible thing but ultimately a credit card can be replaced,” she said.

“The threat that is being made here to make the private personal health information of Australians made available to the public is a dog act.

“That is why the toughest and smartest people in the Australian Government are working directly with Medibank to try to ensure that this horrendous criminal act does not turn into what could be irreparable harm to some Australian citizens.”

The breach is being investigated by the Australian Federal Police with officers placed within Medibank to help minimise the fallout from the breach.

Ms O’Neil said Medibank initially “assured” the government no customer data had been affected by last week’s breach and that the malicious actors had been removed.

It was subsequently revealed the criminals had made contact with the company and were claiming to have accessed significant amounts of data and were demanding to enter into negotiations.

The data was effectively being held for ransom, Ms O’Neil said.

Medibank said the number of affected customers is expected to grow as the incident continues to unfold.

“I unreservedly apologise for this crime which has been perpetrated against our customers, our people, and the broader community,” Mr Koczkar said.

“I know that many will be disappointed with Medibank and I acknowledge that disappointment.”

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *