THE SQUIZ
The Medibank data breach escalated yesterday when the company announced that it was worse than it had feared. The personal data and health records of all 4 million customers of Medibank and its low-cost brand ahm have been exposed. Past customers are also affected because of a government requirement to retain information for several years. And it’s possible the saga isn’t over… Medibank’s technology chief John Goodall says while they are undertaking “ongoing forensic analysis”, they can’t guarantee the hackers no longer have access to its systems. CEO David Koczkar “apologised unreservedly” for the crime he says is designed to cause “maximum harm to the most vulnerable”.

WHY HAS IT TAKEN SO LONG TO FIND THIS OUT?
It’s a good question because it’s been 2 weeks since the breach of Australia’s biggest health insurer first came to light when the company told customers it had taken 2 systems offline due to a “cyber incident”. Last week, Medibank said it had been contacted by hackers who said they had customer data allegedly stolen from their systems – they were seeking to open ransom ‘negotiations’, which are ongoing. Since then, Medibank, the Australian Federal Police and federal security agencies have been investigating. Reports suggest the hack first began with the theft of the credentials of someone at the company with a high level of access, which was then sold on a Russian-language cybercrime forum. Hackers then bought the credentials and used them to infiltrate the company’s systems.

SO WHAT NOW?
Well, investors certainly didn’t like it… The insurer’s share price fell 18% after it resumed trading for the first time in a week. As for how Medibank is helping customers – it’s providing tips on what to look out for to ensure they don’t get scammed or blackmailed by hackers who’ve gained access to their sensitive data. They are also offering financial support and a 24/7 support helpline. Meanwhile, Cyber Security Minister Clare O’Neil says the federal government has the “toughest and smartest” people working to prevent “irreparable harm” from being done. The Albanese Government is also set to introduce new legislation increasing the penalties for companies who fail to adequately protect customer data. And taking a broader view, global policing organisation INTERPOL announced that cybercrime is now their top concern as hacks like Medibank and Optus are becoming the new normal. Yikes…