Medibank confirms ransomware attack impacting 9.7M customers, but doesn’t pay the ransom

Australian health insurer Medibank confirmed that personal data belonging to around 9.7 million current and former customers were exposed as a result of a ransomware attack.

Medibank announced that personal data belonging to around 9.7M of current and former customers were exposed as a result of a recent ransomware attack.

Medibank is one of the largest Australian private health insurance providers with approximately 3.9 million customers.

“Based on our investigation to date into this cybercrime we currently believe the criminal has accessed:

• Name, date of birth, address, phone number and email address for around 9.7 million current and former customers and some of their authorised representatives.  This figure represents around 5.1 million Medibank customers, around 2.8 million ahm customers and around 1.8 million international customers
• Medicare numbers (but not expiry dates) for ahm customers
• Passport numbers (but not expiry dates) and visa details for international student customers
• Health claims data for around 160,000 Medibank customers, around 300,000 ahm customers and around 20,000 international customers.  This includes service provider name and location, where customers received certain medical services, and codes associated with diagnosis and procedures administered.  Additionally, around 5,200 My Home Hospital (MHH) patients have had some personal and health claims data accessed and around 2,900 next of kin of these patients have had some contact details accessed
• Health provider details, including names, provider numbers and addresses” states the company.

The health insurer believes the attackers have not accessed credit card and banking details, and primary identity documents, such as drivers’ licences, because it doesn’t collect them except in exceptional circumstances.

The company discovered the ransomware attack on October 12 it also announced that no ransom payment will be made to the threat actors for the data theft. 

The attackers had access to data belonging to around 5.1 million Medibank customers, around 2.8 million ahm customers, and around 1.8 million international customers.

“Given the nature of this crime, unfortunately we now believe that all of the customer data accessed could have been taken by the criminal.” concludes the data breach notice.

The company urges customers to remain vigilant as threat actors can attempt to contact them directly or publish customer data online.

Impacted customers can report it to ReportCyber | Cyber.gov.au.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]