Major private health insurer Medibank has been hit by its third class action over the October 2022 data breach that made the headlines.
In a statement, class-action law firm Slater and Gordon confirmed that it already issued proceedings against Medibank on behalf of former, existing, and prospective customers whose highly sensitive personal information was obtained by cyber attackers and posted on the internet.
The claim extends to customers of Medibank's travel insurance products and subsidiary Australian Health Management (ahm), noting Medibank's announcement early this year that the data breach extended to one of its brands. The class action also extends to children whose information was affected, as are authorised representatives and providers.
Slater and Gordon alleged that Medibank and ahm breached privacy and consumer laws and litigation that governs customer data retention and data protection for private insurers in Australia.
The law firm claimed that both companies:
The class action further claimed that Medibank breached its contractual obligations to customers to whom it assured it had “adequate and appropriate security controls in place” to protect their personal information.
In a statement, Medibank acknowledged the consumer class action against the company filed by Slater and Gordon in the Federal Court of Australia on May 04, 2023.
“Medibank understands that these proceedings have been brought on behalf of current, former, and prospective customers, authorised representatives of customers, and providers of healthcare services in relation to the cybercrime event,” it said. “The statement of claim includes allegations of breach of contract, negligence, and contraventions of the Australian Consumer Law.”
The insurer confirmed that it will defend the proceedings while continuing to support its customers from the impact of the breach through its previously announced Cyber Response Support Program.
Litigation funder Omni Bridgeway and international law firm Baker & McKenzie brought the first class-action lawsuit against Medibank. US-based law firm Quinn Emmanuel Urquhart & Sullivan also filed for a consumer class-action lawsuit, followed by Slater and Gordon.
Medibank recently released the results of the cyber incident review conducted by Deloitte. It confirmed that it already implemented some of the review recommendations and will continue to review its cyber security governance solutions.
