A message from Medibank

Medibank has provided this update for AMA members on the current cybercrime event.

Thank you for your understanding and patience as we continue to work through this cybercrime event.

This week, we released an update on the cybercrime that includes what information relating to our customers, providers and partners we believe has been accessed by the criminal, based on our investigation to date:

We believe the following information is among the data that has been accessed: 

• Health claims data for around 160,000 Medibank customers, around 300,000 ahm customers and around 20,000 international customers.  This includes service provider name and location, where customers received certain medical services, and codes associated with diagnosis and procedures administered.
• Hospital admissions data that is not linkable to an individual patient, but include the name of the hospital, codes associated with the diagnosis and procedures administered and the amount charged for the admission.  

• Health provider details, including name, provider number and addresses and in certain instances some price information, such as charges for specific services 

Given the nature of this crime, we now believe that all of the data accessed could have been taken by the criminal.  

Based on our investigation to date, we do not believe the criminal has accessed:  

• Banking details  

• Health claims data for ancillary services  

• Patient medical records which are shared by hospitals as part of substantiating claims. 

 
Yesterday, the criminal released files on a dark web forum containing customer data that is believed to have been stolen from our systems. The Australian Federal Police has expanded Operation Guardian to protect our customers and providers whose personal information has been unlawfully released online by ransomware criminals.

We’ve worked with Services Australia to ensure appropriate preventative and monitoring measures are in place. We are also contacting all health funds to update them of the latest developments and best actions to take. 

Services Australia has confirmed a provider number is not enough information for a criminal to access Medicare records or claiming systems. These claiming systems include security measures to prevent unauthorised access.

We’ve prioritised preventing further unauthorised entry to our IT network and are continuing to monitor for any suspicious activity.

Normal business operations have been maintained during this cybercrime with customers continuing to access health services. No further suspicious activity inside our systems has been detected since 12 October 2022.

I know that this crime will be of concern to you and your members again we would like to unreservedly apologise for what has occurred. We’re contacting all affected customers and are regularly updating our customer information pagewith the latest news, support information and resources.

We’ll be contacting impacted providers soon to advise them directly of the cybercrime, details of the data relevant to them which was accessed, and what steps they can take to protect themselves (including support we have made available).  Further updates relating to providers will be available on our health provider site.

Our investigations are ongoing and we will continue to provide updates when information becomes available and is verified.

Here is the link to today’s newsroom cybercrime media update.