Breach Notification , Cybercrime , Finance & Banking
Australian Insurer Back Online After CyberattackMedibank Group Says No Evidence of Data Compromise
A private health insurance company serving nearly 4 million Australians has restored access to its policy writing systems after taking them offline following a cyber incident.
Medibank Group says there's no evidence of customer data being accessed despite detecting on Wednesday "unusual activity" on its network.
The incident led the publicly traded company to ask the Australian Securities Exchange on Thursday to suspend trading of its shares until Monday.
Medibank is one of Australia's largest health insurers, providing private health insurance and health services to more than 3.9 million Australians. It ended 2021 with health insurance premium revenue of AU$6.7 billion.
Timeline of Events
Medibank says it detected unusual activity on its network Wednesday. In response, it engaged unnamed cybersecurity firms and took some of its customer-facing systems offline as a precautionary measure.
On Thursday, Medibank Chief Executive Officer David Koczkar acknowledged the cyber incident to his customers and also requested the Australian Securities Exchange to impose a "trading halt."
Medibank notified the Australian Cyber Security Center, Australian Prudential Regulation Authority and the Office of the Australian Information Commissioner.
It sent email and text message notifications to the customers on Thursday, explaining what had happened and the company's response to it. The company has already sent this notification to 2.8 million customers on Thursday and was in the process of contacting all others on Friday.
Through Thursday, while certain systems remained offline, Medibank's health services, which includes telehealth and home care, were unaffected. On Friday morning, Koczkar informed its insurance policy customers that systems were back online.