Australia's No. 1 health insurer says hacker stole patient details


FILE PHOTO: People walk through the Central Business District (CBD) at dusk in Sydney, Australia, June 4, 2021. REUTERS/Loren Elliott

SYDNEY (Reuters) - Australia's biggest health insurer said on Thursday a criminal had apparently stolen customers' medical information as part of a massive breach of data, fuelling concern about a wave of high-profile cyber attacks.

Medibank Private Ltd, which covers one-sixth of Australians, said an unidentified person had shown the company stolen personal information of 100 customers, including medical diagnoses and procedures, as part of a theft of 200 gigabytes of data, first disclosed by the company a week earlier.

The company did not say how many of its 4 million customers were likely to have been affected but warned the number was likely to rise. The Australian Federal Police said they had opened an investigation into the breach, without commenting further.

The disclosure adds a new layer of angst to a wave of cyber attacks on Australia's biggest firms since No. 2 telco Optus, owned by Singapore Telecommunications Ltd, revealed a month ago that data of up to 10 million customers may have been stolen.

Until now, most public commentary has focused on the risk that hackers would use stolen data to access bank accounts. The Sydney Morning Herald reported that it obtained a message from a person claiming to be the Medibank hacker threatening to publish medical records of high-profile individuals unless the person were paid.

"What we have here is ... healthcare information and that just on its own being made public can cause immense harm to Australians and that's why we are so engaged with this," Cybersecurity Minister Clare O'Neil told the Australian Broadcasting Corp.

BIG TARGET

Cybersecurity experts said it was unclear whether the data breach disclosures were related, given the varied nature of the attacks, but the publicity generated by the Optus attack may have drawn attention in hacker networks.

"When you do have a highly visible breach like Optus in Australia out there, hackers take notice of that and go 'maybe I'll have a go down there and see what I can get away with,'" said Jeremy Kirk, executive editor at Information Security Media Group, a cybersecurity specialist publication.

Larger Optus rival Telstra Corp Ltd has disclosed a small breach of employee data, while No. 1 grocery chain Woolworths Group Ltd said an unidentified party gained unauthorised access to the customer database of a bargain website used by 2.2 million shoppers.

The high-profile data breaches show the importance of multi-factor authentication - where a person uses a code sent to a separate device to log in - at every level of a company's network, said Sanjay Jha, chief scientist for the University of New South Wales Institute for Cybersecurity.

"Maybe for end users they have done it, but for internal servers they should have even more stringent control," Jha told Reuters by phone.

"You need continuous authentication so that people don't log in and leave it forever, and then attackers can compromise your system," he added.

Dan Woods, a former FBI cyberterrorism investigator who is now head of intelligence at cybersecurity firm F5, said Australia had "undoubtedly experienced its worst few weeks from a cybercrime perspective, but on the positive side it's been a wake-up call the country may have needed".

(Reporting by Byron Kaye in Sydney; With additional reporting by Tejaswi Marthi and Sameer Manekar in Bengaluru; Editing by Gerry Doyle)
