Jump to content

Recommended Posts

Posted

For information.  Copy of self-explanatory email from Medibank. 

 

Dear .......,

I am writing to provide you with a further update on the cybercrime, which is subject to a criminal investigation by the Australian Federal Police (AFP).

From the very start, we have committed to being transparent about what we know, and how it impacts you. We understand you’ve left Medibank, but we are writing to former customers to alert them to this incident because customer data – both current and former – is our highest priority.

Unfortunately, it is now clear that the criminal has taken data that belongs to Medibank customers, in addition to that of ahm and international student customers.

This is a distressing development and I unreservedly apologise.

What's happened
We have received a series of additional files from the criminal. We have been able to determine that this includes:
  • A copy of the file received last week containing 100 ahm policy records – including personal and health claims data
  • A file of a further 1,000 ahm policy records – including personal and health claims data
  • Files which contain some Medibank and additional ahm and international student customer data
Given the complexity of what we have received, it is too soon to determine the full extent of the customer data that has been stolen. We will continue to analyse what we have received to understand the total number of customers impacted, and specifically which information has been stolen.

As we continue to investigate the scale of this cybercrime, we expect the number of affected customers to grow as this unfolds.

What we are doing
I know you'll be anxious to hear whether your personal data has been taken as part of this event. While we cannot provide that clarity today, our teams are working around the clock to verify the full extent of the data that has been stolen. If we find your data has been stolen, we will notify you, by email, as soon as we can. Until this verification process is complete, unfortunately our contact centre and retail teams will not have access to further information on whether your data has been stolen.

You can visit our website for our most recent updates, answers to frequently asked questions, as well as a reminder of the further resources available. Our contact centre team is available on 13 23 31 to answer other questions that you may have.

It’s important to remain vigilant to suspicious communications received via email, text or phone call, and I encourage you to review the valuable information offered by the Australian Cyber Security Centre, including clear advice on how to further protect yourself.

I want to thank you again for your continued understanding as we work through this event.

Regards,
c9ed3a6e-c985-4bd6-a529-19513c1411f5.jpg
David Koczkar
Chief Executive Officer, Medibank
  • 2 weeks later...
Posted

Followup by Medibank:

 


Having trouble viewing this email? Click here to view online.
medibank
An update on our cyber incident
 
 
Dear ..........

Earlier today, we announced a number of further developments in the recent cybercrime.

Firstly, we announced that no ransom payment will be made to the criminal responsible for this data theft.

I wanted to write to you personally to explain why we made this decision. Based on the extensive advice we have received from cybercrime experts, we believe that there is only a limited chance that paying a ransom would ensure the return of our customers’ data and prevent it from being published. In fact, paying the ransom could have the opposite effect, and encourage the criminal to directly extort our customers. There is also a strong chance that paying a ransom could put more people in harm’s way by making Australia a bigger target.

In the announcement, we also shared additional details of the customer data that we believe has been accessed and could have been taken by the criminal.

What data do we currently believe has been accessed?
Based on our investigation to date into this cybercrime we currently believe the criminal accessed:
  • The name, date of birth, address, phone number and email addresses for around 5.1 million current and former Medibank customers
  • Health claims data for around 160,000 of these Medibank customers. This includes service provider name and location, where customers received certain medical services, and codes associated with diagnoses and procedures administered.
Given the nature of this crime, we believe that all of the customer data accessed could have been taken by the criminal.

We currently believe that the criminal did not access:
  • Credit card and banking details
  • Primary identity documents, such as drivers' licences. Medibank does not collect primary identity documents for customers except in exceptional circumstances, and for international customers
  • Medicare card numbers for Medibank customers
  • Health claims data for extras services (such as dental, physio, optical and psychology)
We will continue to send personalised communications to all customers, to let you know exactly what data we believe has been accessed or stolen, and to provide further advice on what steps you should take.

Medibank is required by law to retain certain customer (including former customer) information for particular periods of time, generally for 7 years from when a customer leaves us, but in some instances longer.

Support for customers
We have further extended our Cyber Response Support Program to now include:
  • Cybercrime health & wellbeing line (1800 644 325) – staffed by counsellors with specific training to support victims of crime, and issues related to sensitive health information
  • Mental health outreach service – proactive support service for vulnerable customers, and through referral from our contact centre teams
  • Better Minds App – new, tailored preventative health advice and resources specific to cybercrime and its impact on mental health and wellbeing, with additional phone based psychological support available
  • Personal duress alarms – for customers that are particularly vulnerable, or face safety risks
And as we announced last week, the program continues to include:
  • Specialist identity protection advice and resources through IDCare’s purpose built Medibank page - this is available for all customers (current and former)
  • Free identity monitoring services for customers who have had their primary identity documents compromised in this crime
  • Reimbursement of government replacement fees for customers whose primary identity documents have been compromised by this crime
  • Hardship support for customers who are in a uniquely vulnerable position as a result of this crime which can be accessed via our contact centre team on 132 331
In addition, we have extended our contact centre opening hours, and have established specialised teams to support customers. Details of our latest opening hours can be found on the Medibank incident hub.

Your online security
We recommend you remain vigilant with your online security, especially suspicious phone calls, SMS and emails. There are a number of resources online that help explain how you can protect your online identity including the Australian Cyber Security Centre and ScamWatch.

If you do receive any suspicious communication, please forward it to [email protected].

As always, Medibank will never contact you asking for your password or other sensitive information.

Safeguarding our systems
We have continued to prioritise preventing further unauthorised access to our IT network. This includes continuous monitoring of our network for any suspicious activity. We have added further detection and forensics capability across our systems, and scaled up the support we are receiving from specialist third parties. Normal business operations have been maintained during this cybercrime event with customers continuing to access health services. No further suspicious activity inside our systems has been detected since 12 October 2022.

I recognise the significant responsibility we have to the people who rely on us to look after their health and wellbeing and their data – and I unreservedly apologise to every person affected by this cybercrime.

Thank you for your continued patience and understanding as we continue to respond to this cybercrime.

Regards,
c9ed3a6e-c985-4bd6-a529-19513c1411f5.jpg
David Koczkar
Chief Executive Officer, Medibank

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.



×
×
  • Create New...