Medibank cyberattack: Hacker had access to all customers' personal data

Medibank has released a further update on the recent cyber breach, showing the extent of the possible data stolen and the launch of a comprehensive package for customers affected by the incident.

As the investigation continues, focusing on identifying which systems and networks were accessed and what data was removed, Medibank found that the criminal had access to:

• All ahm customers' personal data and a significant number of health claims data;
• All international student customers' personal data and a significant number of health claims data; and
• All Medibank customers' personal data and a significant number of health claims data.

“As previously advised, we have evidence that the criminal has removed some of our customers' personal and health claims data, and it is now likely that the criminal has stolen further personal and health claims data. As a result, we expect that the number of affected customers could grow substantially,” the insurer said in a statement. “Our priority is to continue working to understand the specific data that has been taken for each of our customers so that we can contact them directly to let them know.”

Read more: Medibank CEO apologises, should his cyber security providers also fess up?

In response to the findings, Medibank will release a support package for affected customers, including:

• A hardship package to provide financial support for customers who are in a uniquely vulnerable position because of the breach, supported on an individual basis;
• Access to Medibank's mental health and wellbeing support line for all customers, including ahm customers;
• Access to specialist identity protection advice and resources from IDCARE;
• Free identity monitoring services for customers who have had their primary ID compromised; and
• Reimbursement of fees for re-issue of identity documents that have been fully compromised in this crime.

Medibank has confirmed that its IT systems have not been encrypted by ransomware. However, it has maintained normal business operations, with customers continuing to access health services.

The insurer prioritises preventing further unauthorised entry to its IT network and looks out for any suspicious activity by bolstering existing monitoring, adding further detection and forensics capability across its systems and network, and scaling up analytical support via specialist third parties.

In response to the incident, the Australian Prudential Regulation Authority (APRA) issued some reminders for its regulated entities.