Private health insurer Medibank recently hosted its annual general meeting (AGM) for shareholders, delving into the recent cyberattack incident and sharing its financial performance and plans for the coming year.
The cyberattack against Medibank has shaken Australian companies for weeks, with the stolen data including hundreds of customers' names, addresses, and birthdates.
In Medibank's AGM for 2022, chair Mike Wilkins and CEO David Koczkar provided an update on the cyber incident and reflected on the insurer's FY22 performance.
In his speech, Wilkins explained that the cyberattack has caused distress and concern for many Medibank customers, employees, and shareholders. Therefore, the insurer will continue to prioritise supporting its affected customers through a dedicated cyber response support program.
“I unreservedly apologise to every person for the significant impact of this crime. It is a despicable act by the criminal seeking to extort payment based on the privacy concerns of our customers and must be condemned in the strongest possible terms,” said Wilkins. “Throughout our almost 50-year history, our focus on customers and improving the health and wellbeing of all Australians has been unwavering. It's the reason we were founded, and it's the reason we exist today.”
In addition to the ongoing investigations and engagement with the Australian Federal Police (AFP) and the Australian Cyber Security Centre (ACSC), Medibank commissioned an external review, to be undertaken by Deloitte, to learn more about the incident and strengthen its ability to safeguard its customers.
With the ever-increasing risk of cybercrime across the globe, Wilkins said Medibank will continue to invest in mitigating these risks.
“Over the past few weeks, I've spoken with many of our major shareholders and advisors, and I've been encouraged by the support they have shown us for how we are managing this event and the actions we are taking,” he said.
Meanwhile, Koczkar confirmed that the Medibank team had regularly written to or spoken with current and former customers to update them on the unfolding cybercrime. Beginning this week, the team will communicate with around 480,000 customers whose health data might be stolen.
“We will continue to work around the clock to provide customers with details of their data we believe had been stolen and provide advice on what customers should do and how we can support them,” Koczkar said. “I want to reassure you that we continue to be vigilant and will take the necessary steps to protect our operations and our customers' data.”