Australian health insurer says data of all customers hacked

Oct 25, 2022, 7:40 PM | Updated: Oct 26, 2022, 2:56 pm
People walk past a Medibank branch in Sydney, Wednesday, Oct. 26, 2022. Medibank, Australia's large...

People walk past a Medibank branch in Sydney, Wednesday, Oct. 26, 2022. Medibank, Australia's largest health insurer, said a cybercriminal had hacked the personal data of all its 4 million customers as the government introduced legislation that would increase penalties for companies that fail to protect clients' private information. (AP Photo/Rick Rycroft)

(AP Photo/Rick Rycroft)

CANBERRA, Australia (AP) — Australia’s largest health insurer said on Wednesday a cybercriminal had hacked the personal data of all its 4 million customers, as the government introduced legislation that would increase penalties for companies that fail to protect clients’ private information.

Medibank said “significant amounts of health claims data” had also been accessed in the breach, which was reported to police a week ago when trade in the company’s shares was halted.

The thief has demanded ransom and has reportedly threatened to expose the diagnoses and treatments of high-profile customers.

Medibank said its priority was to discover the specific data stolen in relation to each customer and to share that information with those customers.

The company had previously said the breach was thought to be limited to its subsidiary AHM and foreign students.

“Our investigation has now established that this criminal has accessed all our private health insurance customers’ personal data and significant amounts of their health claims data,” Medibank chief executive David Koczkar said in a statement to the Australian Securities Exchange.

“This is a terrible crime – this is a crime designed to cause maximum harm to the most vulnerable members of our community,” Koczkar added, with an apology to customers.

The government has been planning urgent legislative reforms on cybersecurity regulation since a hacker stole the personal data of almost 10 million current and former customers of Optus, Australia’s second-largest wireless telecommunications carrier.

Optus became aware on Sept. 21 that personal data of more than one-third of Australia’s population of 26 million had been stolen.

In introducing amendments to the Privacy Act to Parliament on Wednesday, Attorney-General Mark Dreyfus mentioned both companies and MyDeal, an online retail intermediary that lost the data of 2.2 million customers in a hack revealed two weeks ago.

“As the Optus, Medibank and MyDeal cyberattacks have recently highlighted, data breaches have the potential to cause serious financial and emotional harm to Australians, and this is unacceptable,” Dreyfus told Parliament.

“Governments, businesses and other organizations have an obligation to protect Australians’ personal data, not to treat it as a commercial asset,” Dreyfus added.

The government is critical of companies that amass more customer data than necessary to make money from it in ways unrelated to the services for which the information was provided.

The penalties for serious breaches of the Privacy Act would increase from 2.2 million Australian dollars ($1.4 million) now to AU$50 million ($32 million) under the proposed amendments.

A company could also be fined the value of 30% of its revenues over a defined period if that amount exceeded AU$50 million ($32 million).

Medibank said on Wednesday it did not have cyber insurance and estimated the hack would reduce its earnings by between AU$25 million ($16 million) and AU$35 million ($22 million) by early next year.

The Medicare trading halt was lifted on Wednesday and shares slid more than 14% in early trading.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.


              A man walks past a Medibank branch in Sydney, Wednesday, Oct. 26, 2022. Medibank, Australia's largest health insurer, said a cybercriminal had hacked the personal data of all its 4 million customers as the government introduced legislation that would increase penalties for companies that fail to protect clients' private information. (AP Photo/Rick Rycroft)
            
              People walk past a Medibank branch in Sydney, Wednesday, Oct. 26, 2022. Medibank, Australia's largest health insurer, said a cybercriminal had hacked the personal data of all its 4 million customers as the government introduced legislation that would increase penalties for companies that fail to protect clients' private information. (AP Photo/Rick Rycroft)

AP

Associated Press

Police fatally shoot man who allegedly had gun in St. Paul

ST. PAUL, Minn. (AP) — Police in Minnesota say an officer fatally shot a man who they say displayed a handgun as they were trying to arrest him. The St. Paul Police Department said Tuesday that officers were responding to a domestic assault Monday evening and were told by the caller that the man had […]
8 hours ago
Associated Press

Foundations, major donors tackle nation’s nursing shortage

As more nurses leave their jobs in hospitals and health-care centers, foundations are pouring millions of dollars into efforts to ensure that more stay in the profession and get more out of the job than just the applause and pats on the back they got during the bleakest days of the pandemic. Philanthropic pledges announced […]
8 hours ago
Brendan Fraser poses for a portrait in Los Angeles on Friday, Nov. 18, 2022, to promote his film "T...
Associated Press

Brendan Fraser is back. But to him, ‘I was never far away’

NEW YORK (AP) — In a darkened hotel room in New York’s Soho neighborhood, Brendan Fraser kindly greets a reporter with an open plastic bag in his hand. “Would you like a gummy bear?” Fraser, the 54-year-old actor, is in many ways an extremely familiar face to encounter. Here is the once ubiquitous ’90s presence […]
8 hours ago
FILE - Robinhood CEO Vlad Tenev poses for a picture during an interview on July 28, 2021, in New Yo...
Associated Press

Robinhood takes on retirement in search for more growth

NEW YORK (AP) — Robinhood, the company that blazed onto Wall Street after turning millions of novices into investors by making trading fun, is now setting its sights on a more staid corner of the industry: saving for retirement. The company on Tuesday is initiating signups for a retirement program, where customers can sock savings […]
8 hours ago
FILE - Facebook's Meta logo sign is seen at the company headquarters in Menlo Park, Calif., on, Oct...
Associated Press

Meta oversight board urges changes to VIP moderation system

LONDON (AP) — Facebook parent Meta’s quasi-independent oversight board said Tuesday that an internal system that exempted high-profile users, including former U.S. President Donald Trump, from some or all of its content moderation rules needs a major overhaul. The report by the Oversight Board, which was more than a year in the making, said the […]
8 hours ago
Associated Press

Pope tightens oversight of Vatican-linked foundations

VATICAN CITY (AP) — Pope Francis on Tuesday tightened control and oversight over Vatican-based foundations and associations in his latest effort to impose international standards of accounting and governance on Vatican offices and affiliated entities. A new law aims to bring the Holy See into further compliance with recommendations from the Council of Europe’s Moneyval […]
8 hours ago

Sponsored Articles

(Desert Institute for Spine Care photo)...
DESERT INSTITUTE FOR SPINE CARE

Why DISC is world renowned for back and neck pain treatments

Fifty percent of Americans and 90% of people at least 50 years old have some level of degenerative disc disease.
...
SCHWARTZ LASER EYE CENTER

Key dates for Arizona sports fans to look forward to this fall

Fall brings new beginnings in different ways for Arizona’s professional sports teams like the Cardinals and Coyotes.
...
Day & Night Air Conditioning, Heating and Plumbing

Ways to prevent clogged drains and what to do if you’re too late

While there are a variety of ways to prevent clogged drains, it's equally as important to know what to do when you're already too late.
Australian health insurer says data of all customers hacked