Hackers Have Already Cost Medibank $26m

Uploaded on 2023-03-21 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Health & Welfare, BUSINESS-Services-Financial

The biggest cyber attack in Australia’s history has sparked an exodus of customers from Medibank, the health insurer, and it says it has started to return to policyholder growth. Medibank has now revealed that it has suffered $26.2 million AUD (£14.7 million) in cyber crime-related costs following the hack of its systems in the second half of 2022.

Medibank said, “Given the nature of this crime, we now believe that all of the customer data accessed could have been stolen by the criminal.”

It expects its cyber crime losses to amount to $40-$45 million for the 2023 financial year. This involves additional investments in IT security, but excludes further customer and other remediation, regulatory, or litigation-related costs.

The attacker accessed its systems through a stolen username and password belonging to a third-party IT service provider, Medibank has said. This was used to access the company’s network through a misconfigured firewall which lacked an additional digital security certificate. Medibank chief executive David Koczkar says the embattled health insurer is prioritising contacting its most vulnerable customers after it ruled out paying a ransom, telling nearly 10 million Australians to prepare to see their information online or to receive a call from the hackers.

Four weeks after first telling government no customer data had been taken, Medibank was forced to admit 9.7 million Australians have had their data stolen, including people who could be in significant danger if their information is misused.

Recently the company said it has implemented greater security controls, including ensuring its firewall authentication is fully configured across its entire network. It has also improved its network security to help defend against the 18 million perimeter attacks it experiences every day.

Medibank was evidently considered a juicy target, having announced a gross profit of $233.3 million, an increase of almost 6% compared to the previous half-year. Over the past year, the company has gained around 35,000 customers, despite losing 13,000 clients following the attack in the second half of 2022. 

Medibank:      ITPro:     The Australian:    ABC:    AFR

You Might Also Read: 

Four Major Cyber Attacks In 2022: How To Not Repeat History In 2023:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Britain's New Security Agency To Counter Chinese Hacking 
AI Is Creating New Mobile Scamming Threats    »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CGI Group

CGI Group

CGI is a leading IT and business process services provider. Services include IT consulting, Systems Integration, Application Development, Infrastructure, Business Processes, Digital IP.

vArmour

vArmour

vArmour is the industry’s first distributed security system that provides insight and control for multi-cloud environments.

Sliced Tech

Sliced Tech

Sliced Tech provides enterprise grade managed Cloud services, including Security-as-a-Services, aimed at meeting the needs of commercial and government clients from within Australia.

Center for Cyber Safety and Education

Center for Cyber Safety and Education

The Center for Cyber Safety and Education works to ensure that people across the globe have a positive and safe experience online through our educational programs, scholarships, and research.

SaltStack

SaltStack

SaltStack develops award-winning intelligent IT automation software. We help businesses more efficiently secure and manage all aspects of their digital infrastructure.

Paladin Capital Group

Paladin Capital Group

Paladin is a leading global investor that supports and grows the world’s most innovative cyber companies.

Collins Aerospace

Collins Aerospace

Collins Aerospace provides cybersecurity services and systems to protect critical infrastructure facilities and railroad operations.

Lionfish Cyber Security

Lionfish Cyber Security

Lionfish Cyber Evolution & Empowerment Model™ empowers SMBs to prepare and protect themselves against cyber threats using a unique combination of on-demand training, support and managed services.

Secure Ideas

Secure Ideas

Secure Ideas is focused on penetration testing and application security including web applications, web services and mobile applications.

Infosec Cloud

Infosec Cloud

Infosec Cloud is a specialist Cyber Security company offering fully managed Training & Testing Services in addition to market leading Cyber Security technology and accredited professional services.

Anxinsec

Anxinsec

Anxinsec Technology is a security solution and service provider with a focus on new technology and innovations in cybersecurity.

Sourcepass

Sourcepass

Sourcepass is an IT consulting company that focuses on providing expert IT services, cloud computing solutions, cybersecurity services, website, and application development.

Infinipoint

Infinipoint

Infinipoint pioneers the first Device-Identity-as-a-Service (DIaaS) solution, addressing Zero Trust device access and enabling enterprises of all sizes to automate cyber hygiene.

Nitel

Nitel

Nitel is a leading next-generation technology services provider. We simplify the complex technology challenges of today’s enterprises to create seamless and integrated managed network solutions.

443ID

443ID

443ID brings OSINT data to Identity Security professionals on any digital platform.

Avrem Technologies

Avrem Technologies

Avrem Technologies is a business IT and cybersecurity consulting firm. We design, implement, manage and monitor the networks, servers, computers and software that our clients rely on each day.

SYN Ventures

SYN Ventures

SYN Ventures invests in disruptive, transformational solutions that reduce technology risk.