Cybercriminal hacks data of all customers: Australian health insurer
Hackers accessed millions of medical records at one of Australia's largest private health insurers, prompting the government to admit the nation's cyber safeguards are "inadequate".
This was the latest in a series of hacks targeting millions of people that have brought Australian companies' lax approach to cyber security into sharp relief.
Australia’s largest health insurer has said that a cybercriminal had hacked the personal data of all its 4 million customers, as the government introduced legislation that would increase penalties for companies that fail to protect clients’ private information.
Medibank said on Wednesday that “significant amounts of health claims data” had also been accessed in the breach, which was reported to police a week ago when trade in the company’s shares was halted.
The thief has demanded ransom and has reportedly threatened to expose the diagnoses and treatments of high-profile customers.
Medibank said its priority was to discover the specific data stolen in relation to each customer and to share that information with those customers.
The company had previously said the breach was thought to be limited to its subsidiary AHM and foreign students.
“Our investigation has now established that this criminal has accessed all our private health insurance customers' personal data and significant amounts of their health claims data,” Medibank chief executive David Koczkar said in a statement to the Australian Securities Exchange.
READ MORE: Concerns in Australia after personal data leaked in big hack
'Terrible crime'
“This is a terrible crime – this is a crime designed to cause maximum harm to the most vulnerable members of our community,” Koczkar added, with an apology to customers.
The government has been planning urgent legislative reforms on cybersecurity regulation since a hacker stole the personal data of almost 10 million current and former customers of Optus, Australia’s second-largest wireless telecommunications carrier.
Optus became aware on September 21 that personal data of more than one-third of Australia’s population of 26 million had been stolen.
In introducing amendments to the Privacy Act to Parliament on Wednesday, Attorney-General Mark Dreyfus mentioned both companies and MyDeal, an online retail intermediary that lost the data of 2.2 million customers in a hack revealed two weeks ago.
READ MORE: Hackers steal over $600M from video game network
Breaches of Privacy Act
The government is critical of companies that amass more customer data than necessary to make money from it in ways unrelated to the services for which the information was provided.
The penalties for serious breaches of the Privacy Act would increase from 2.2 million Australian dollars ($1.4 million) now to AU$50 million ($32 million) under the proposed amendments.
A company could also be fined the value of 30 percent of its revenues over a defined period if that amount exceeded AU$50 million ($32 million).
Medibank said on Wednesday it did not have cyber insurance and estimated the hack would reduce its earnings by between AU$25 million ($16 million) and AU$35 million ($22 million) by early next year.
The Medicare trading halt was lifted on Wednesday and shares slid more than 14 percent in early trading.
Copyright © 2024 TRT World.