08 November 2022

Medibank says no to paying off its attacker

Image source: AAP

THE SQUIZ
Four weeks after Australia’s largest health insurer first detected a cyberattack, the company provided 2 major updates yesterday. First, the number of current and former customers whose personal information was exposed is 9.7 million – more than double the 4 million previously reported. And 2nd, Medibank boss David Koczkar said the company won’t pay any ransom following advice from cybercrime experts and the federal government. Without disclosing the amount that’s been demanded, he says there’s a “limited chance” a ransom would see customers’ data returned or kept off the internet – and it could even have the “opposite effect” of encouraging the criminal to “directly extort” customers.

HAVE THEY WORKED OUT WHAT DATA’S BEEN STOLEN?
Yep – the names, dates of birth, phone numbers and email addresses of 5.1 million Medibank customers, 2.8 million ahm customers (Medibank’s low-cost brand), and 1.8 million international customers have been accessed. That includes the claims of nearly 500,000 people, including highly sensitive health information. Some patients’ emergency contacts were also breached. And the hacker got access to the Medicare numbers of ahm customers and passport numbers and visa details for international student customers. Koczkar says Medibank has not yet received any reports of the hack directly leading to customers being targeted, but that could be on the cards now the company has confirmed it won’t pay up. Medibank is working with federal agencies and police as an investigation continues.

UMM I’M A MEDIBANK CUSTOMER…
Yep, there are a few of us… Medibank says the next step is advising customers how they’ve been affected – and that will be “as soon as possible”. Until then, there are a few options for support, including a 24/7 health and wellbeing line. And there’s advice from IDCARE – Australia’s national identity and cyber support community service – for those worried about the exposure of their personal information. Like the recent Optus hack, there is an elevated risk of customers being targeted by online scammers. Scamwatch explains what to look out for and how to report scams. Long story short, it’s wise to verify any communications and not open messages from unknown numbers. Changing passwords and activating multi-factor authentication for online accounts also minimises the risk. Take care out there…
