Hackers Have Already Cost Medibank $26m

The biggest cyber attack in Australia’s history has sparked an exodus of customers from Medibank, the health insurer, and it says it has started to return to policyholder growth. Medibank has now revealed that it has suffered $26.2 million AUD (£14.7 million) in cyber crime-related costs following the hack of its systems in the second half of 2022.

Medibank said, “Given the nature of this crime, we now believe that all of the customer data accessed could have been stolen by the criminal.”

It expects its cyber crime losses to amount to $40-$45 million for the 2023 financial year. This involves additional investments in IT security, but excludes further customer and other remediation, regulatory, or litigation-related costs.

The attacker accessed its systems through a stolen username and password belonging to a third-party IT service provider, Medibank has said. This was used to access the company’s network through a misconfigured firewall which lacked an additional digital security certificate. Medibank chief executive David Koczkar says the embattled health insurer is prioritising contacting its most vulnerable customers after it ruled out paying a ransom, telling nearly 10 million Australians to prepare to see their information online or to receive a call from the hackers.

Four weeks after first telling government no customer data had been taken, Medibank was forced to admit 9.7 million Australians have had their data stolen, including people who could be in significant danger if their information is misused.

Recently the company said it has implemented greater security controls, including ensuring its firewall authentication is fully configured across its entire network. It has also improved its network security to help defend against the 18 million perimeter attacks it experiences every day.

Medibank was evidently considered a juicy target, having announced a gross profit of $233.3 million, an increase of almost 6% compared to the previous half-year. Over the past year, the company has gained around 35,000 customers, despite losing 13,000 clients following the attack in the second half of 2022. 

Medibank:      ITPro:     The Australian:    ABC:    AFR

You Might Also Read: 

Four Major Cyber Attacks In 2022: How To Not Repeat History In 2023:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Britain's New Security Agency To Counter Chinese Hacking 
AI Is Creating New Mobile Scamming Threats    »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Globalscape

Globalscape

Globalscape is a leader in secure data exchange solutions.

Kaseya

Kaseya

Kaseya is a premier provider of unified IT management and security software for managed service providers (MSPs) and small to medium-sized businesses (SMBS).

K&D Insurance Brokers

K&D Insurance Brokers

K&D provide insurance for all sectors of industry and commerce including cyber risk cover.

ICS-CSR

ICS-CSR

ICS-CSR is a research conference bringing together researchers with an interest in the security of industrial control systems.

NDK InfoSec

NDK InfoSec

NDK InfoSec is a specialist Information Security and Cyber Security search firm. We're not just a security function in a larger generalist recruitment company.

Keyavi Data

Keyavi Data

With Keyavi’s evolutionary data protection technology, your data stays within the bounds of your control in perpetuity.

Authenteq

Authenteq

Authenteq provides an Omni-Channel identity verification and KYC solution that allows your customers to verify their identity through any channel without compromising their privacy.

Q-Net Security

Q-Net Security

Protect your critical networks. Q-Net Security make hardware that provides the strongest drop-in security for your existing critical infrastructure.

Boeing

Boeing

Boeing is the world's largest aerospace company and leading manufacturer of commercial jetliners, defense, space and security systems.

Yoti

Yoti

Yoti offer a suite of business solutions that span identity verification, age estimation, e-signing and AI anti-spoofing technologies.

South West Cyber Resilience Centre (SWCRC)

South West Cyber Resilience Centre (SWCRC)

The South West Cyber Resilience Centre (SWCRC) is led by serving police officers, as part of a not-for-profit partnership with business and academia.

N2K Networks

N2K Networks

N2K Networks is the world’s first “news to knowledge” network. The news to knowledge network is how you stay at the cutting edge in a rapidly changing world.

Splashtop

Splashtop

Splashtop’s cloud-based, secure, and easily managed remote access solution is increasingly replacing legacy approaches such as virtual private networks.

National Cybersecurity Alliance

National Cybersecurity Alliance

The National Cybersecurity Alliance is a non-profit organization on a mission to create a more secure, interconnected world.

Sababa Security

Sababa Security

Sababa Security is the first Italian innovation cyber security vendor, that provides security products, training, and managed services to protect diverse IT and OT environments.

HTX (Home Team Science & Technology Agency)

HTX (Home Team Science & Technology Agency)

HTX brings together science and engineering capabilities to transform the homeland security landscape and keep Singapore safe.