Medibank hit by cyber attack

Ade said:
Link to my post from earlier this week

Medibank hit by cyber attack

After Optus, it's Medibank's turn now. From ABC news ; https://www.abc.net.au/news/2022-10-13/health-insurer-medibank-hit-by-cyber-attack/101531392 Health insurer Medibank Private says it has been hit by a cyber attack. The company said "unusual activity" had been detected on its network on...
www.australianfrequentflyer.com.au www.australianfrequentflyer.com.au
Click to expand...
Yes, but the information in your post says the data is from the ahm and international student systems

In todays announcement the bit about data from the Medibank system is new (i.e. the breach is worse than announced a few days ago)

  • Files which contain some Medibank and additional ahm and international student customer data
Click to expand...
 
oz_mark said:
Yes, but the information in your post says the data is from the ahm and international student systems

In todays announcement the bit about data from the Medibank system is new (i.e. the breach is worse than announced a few days ago)
Click to expand...

I'm not surprised at all. Not only that the data was hacked, but by this drip-feeding to manage the message by them. We were already looking to move our policies to another provider, this is just the final nail.
 
Struggling to Redeem Your Frequent Flyer Points?
The Frequent Flyer Concierge team takes the hard work out of finding reward seat availability. Using their expert knowledge and specialised tools, they'll help you book a great trip that maximises the value for your points.

AFF Supporters can remove this and all advertisements

SeatBackForward said:
I'm not surprised at all. Not only that the data was hacked, but by this drip-feeding to manage the message by them. We were already looking to move our policies to another provider, this is just the final nail.
Click to expand...

I can't see any incentive for them to drip feed the bad news (ie withhold what they know for a while). It keeps the story up-front day after day, and damages them by this. Possibly limits the government agency involvement early on.
 
oz_mark said:
Yes, but the information in your post says the data is from the ahm and international student systems

In todays announcement the bit about data from the Medibank system is new (i.e. the breach is worse than announced a few days ago)
Click to expand...
yea, you are right
 
We get the emails from Medibank to 'update' us, but considering we have not been insured with them for at least 10 years, that they still have our details in their system is very concerning.
 
RooFlyer said:
I can't see any incentive for them to drip feed the bad news (ie withhold what they know for a while). It keeps the story up-front day after day, and damages them by this. Possibly limits the government agency involvement early on.
Click to expand...
I agree that there's really no incentive for them to drip feed information, and think their approach has been infinitely better than that of Optus.

With that said, I didn't believe them for a minute when they initially said "there's no evidence that sensitive data had been accessed". That's no reason to enter a trading halt on the ASX (imo).
 
Holy moly, now confirmed that every customer of the Medibank group has had their personal and health claims data breached. The implications for this are shocking - what if the health claims data gets into the hands of your employer, your life insurance provider or the general public.

Since yesterday’s announcement, our cybercrime investigation has now established that the criminal had access to:
  • All ahm customers’ personal data and significant amounts of health claims data
  • All international student customers’ personal data and significant amounts of health claims data
  • All Medibank customers’ personal data and significant amounts of health claims data
 
I'm pi$$ed off beyond belief with Medibank Private (and Optus)...at least my medical info is not that sensitive that I would be embarassed if it is publically known :( The Government needs to really tighten up with companies holding your private information with huge fines (I read 30% off annual turnover) so companies spend money to ensure your personal info is kept safe! I would join a class action against Medibank....
 
Last edited:
kpc said:
I'm pi$$ed off beyond belief with Medibank Private (and Optus)...at least my medical info is not that sensitive that I would be embarassed if it is publically known :( The Government needs to really tighten up with companies holding your private information with huge fines (I read 30% off annual turnover) so companies spend money to ensure your personal info is kept safe! I would join a class action against Medibank....
Click to expand...

That's part of the solution, but I also think the government(s) need to take a hard look at all their record-keeping requirements etc. It's a bit f a minefield.
blackcat20 said:
Hopefully it doesnt include previous customers, as I left them some time ago.
Click to expand...

They do need to retain medical and other records for at least 7 years.
 
oz_mark said:
They do need to retain medical and other records for at least 7 years.
Click to expand...

What annoys me is the keeping of closed accounts 'on-line' I can't see much of a reason for them to be accessible through the internet. If access is required, it could be requested and made available next day.

I went back to Westpac after closing all my accounts abt 4 years prior. When I inquired about internet banking, they said to just log in as before - everything was still set up!!
 
Sponsored Post

Struggling to use your Frequent Flyer Points?

Frequent Flyer Concierge takes the hard work out of finding award availability and redeeming your frequent flyer or credit card points for flights.

Using their expert knowledge and specialised tools, the Frequent Flyer Concierge team at Frequent Flyer Concierge will help you book a great trip that maximises the value for your points.

RooFlyer said:
What annoys me is the keeping of closed accounts 'on-line' I can't see much of a reason for them to be accessible through the internet. If access is required, it could be requested and made available next day.

I went back to Westpac after closing all my accounts abt 4 years prior. When I inquired about internet banking, they said to just log in as before - everything was still set up!!
Click to expand...

While true, the Medibank attack looks more like someone got onto their internal network.
 
RooFlyer said:
I can't see any incentive for them to drip feed the bad news (ie withhold what they know for a while). It keeps the story up-front day after day, and damages them by this. Possibly limits the government agency involvement early on.
Click to expand...

Just another corporation that insults the intelligence of their customers. Note that investors were told of this earlier than affected customers. Do we need any clearer indication of where their interests lay? This drip-feeding is pure reputational management, soften them up for the actual full impact.
 
oz_mark said:
While true, the Medibank attack looks more like someone got onto their internal network.
Click to expand...

But that's the same as Optus..
They've penetrated an internal network and copied a large poorly protected and seemingly non-hashed or salted database.

Personally I think the Optus one is worse as they kept 100 points of ID which opens up ID theft and financial crimes.

Medibank (while still scary) seemingly has less ID information.
And for Jo Blow the fact that Medibank paid $800 on Item 3452 in Feb-2017 probably isn't a massive concern.
It might be if you are a 'famous' person.

I'd be far more concerned if some of the Medical Practice software companies were hacked.

Medibank seemingly had no idea about what information was taken, and the initial proof the hackers provided only related to a small subset of their customers.
They've since obviously shown they've got a lot more info
 
Last edited:
SeatBackForward said:
Note that investors were told of this earlier than affected customers. Do we need any clearer indication of where their interests lay?
Click to expand...

You'd be foolish to think that any company's number one priority is not shareholders and shareholder wealth. That's why these companies exist.

Might be worth considering doing business with not for profits or mutuals if this is a concern.
 
I believe that both AHM and Medibank have announced that premium increases due on November 1 are being deferred to sometime in January. They are going to have to up that offer considerably. I would expect premium increases to be deferred for at least a year and even a premium holiday for a period, possibly scaled depending upon how long you have been a member.
 
SydneySwan said:
I believe that both AHM and Medibank have announced that premium increases due on November 1 are being deferred to sometime in January. They are going to have to up that offer considerably. I would expect premium increases to be deferred for at least a year and even a premium holiday for a period, possibly scaled depending upon how long you have been a member.
Click to expand...
Now the shareholders will be concerned!
 
SeatBackForward said:
Just another corporation that insults the intelligence of their customers. Note that investors were told of this earlier than affected customers. Do we need any clearer indication of where their interests lay? This drip-feeding is pure reputational management, soften them up for the actual full impact.
Click to expand...
It's a legal requirement to keep shareholders informed.
 

Enhance your AFF viewing experience!!

From just $6 we'll remove all advertisements so that you can enjoy a cleaner and uninterupted viewing experience.

And you'll be supporting us so that we can continue to provide this valuable resource :)


Sample AFF with no advertisements? More..

Recent Posts

Currently Active Users

Total: 1,217 (members: 19, guests: 1,198)
Back
Top