Australian health insurer Medibank today confirmed that the data of 9.7 million customers was compromised in a recent cyberattack.
The incident was identified on October 12, before threat actors could deploy file-encrypting ransomware, but not before they stole data from the company’s systems.
Medibank, which immediately initiated incident response and launched an investigation into the attack, could not determine whether customer data was compromised until contacted by the threat actor behind the data breach.
Two weeks ago, the company estimated that roughly 4 million customers might have been impacted by the cyberattack, but it has now increased that estimate to 9.7 million.
The attackers accessed the data of “around 9.7 million current and former customers and some of their authorized representatives. This figure represents around 5.1 million Medibank customers, around 2.8 million ahm customers and around 1.8 million international customers,” the company said earlier today.
Personal information compromised during the attack includes names, addresses, birth dates, phone numbers, and email addresses, Medibank announced. Medicare numbers, passport numbers, and visa details for international students were also compromised.
Health claims data for some Medibank, ahm, and international customers was also compromised, including the service provider’s name and location, the location where medical services were provided, and diagnosis and procedure codes.
“Additionally, around 5,200 My Home Hospital (MHH) patients have had some personal and health claims data accessed and around 2,900 next of kin of these patients have had some contact details accessed,” Medibank announced.
The health insurance provider says that no primary identity documents, such as drivers’ licenses, were compromised in the cyberattack, as Medibank does not collect them, except in special circumstances. Credit card data, banking details, and health claims data for extras services were not accessed either.
Medibank announced that it now believes the attackers exfiltrated all of the customer data they were able to access during the incident, but said that it will not pay any ransom demand.
“Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published. In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target,” Medibank CEO David Koczkar said.
The company, which has restored services impacted by the incident and has maintained business operations during the event, says that no further suspicious activity has been identified inside its network since October 12.
Ionut Arghire is an international correspondent for SecurityWeek.