Medibank Confirms Hackers Have Customer Data – Starts Offering Support Packages

Australia’s Medibank continues to offer timely updates to its customers following an upsetting cyber-incident earlier this month, resulting in IT hurdles and, as confirmed more recently, the theft of customer data.

As one of the largest health insurers down under, Medibank has taken a commendably transparent approach to handling its run-in with ransomware operators since day one.

The latest update arrived earlier today, with Medibank confirming – this time beyond any doubt – that the unknown hackers have sensitive customer data.

‘The criminal has taken data’

“There has been a further development in Medibank’s cybercrime event,” reads today’s notice. “It has become clear that the criminal has taken data that now includes Medibank customer data, in addition to that of ahm and international student customers.”

As the advisory reveals, the hackers are actively communicating with the insurer – likely trying to get Medibank to cough up ransom money so the perps don’t leak or sell customer data on the underground web.

“We have received a series of additional files from the criminal,” reads the update.

Per the advisory, the data includes policy records with personal and health claims data, as well as files containing additional information.

“Given the complexity of what we have received, it is too soon to determine the full extent of the customer data that has been stolen,” the letter continues. “We will continue to analyse what we have received to understand the total number of customers impacted, and specifically which information has been stolen. We will also continue to contact our customers as we are able to confirm whether their data has been compromised.”

Comprehensive support package for affected customers

It’s worth recalling that an alleged ransom note obtained by The Sydney Morning Herald last week alluded to some ”interesting” facts about prominent Medibank clients, including politicians, actors and people struggling with drug addiction.

Perhaps it is no surprise then that Medibank, in a second update today, take a sympathetic look at the severity of the incident through the eyes of those affected. To that extent, the insurance giant has announced a comprehensive support package for affected customers, including:

·      A hardship package to provide financial support for individual customers who are in a uniquely vulnerable position as a result of this incident

·      Access to Medibank’s mental health and wellbeing support line

·      Access to specialist identity protection advice and resources

·      Free identity monitoring services

·      Reimbursement of fees for re-issue of compromised identity documents

The company has also deployed special teams to help customers who receive scam threats. Customers who receive suspicious emails or texts are instructed to report them to scaminvestigations@medibank.com.au, while ahm customers should email scaminvestigations@ahm.com.au.

The insurer pledges to provide customers with “regular, transparent updates,” as it works with Australian banks and government departments to increase monitoring of affected customers accounts.

Bitdefender Identity Theft Protection offers continuous monitoring of your identity, privacy and credit status and displays instant alerts when your personal information is at risk.