Australia’s government admits its cyber safeguards are inadequate following the hacking of one of its largest private health insurers.
The hack is the latest in a series targeting millions of people that has exposed Australian companies’ lax cyber security practices.
David Koczkar, Medibank’s chief executive, said data about every one of its 3.9 million policyholders had been compromised.
“We have now established that this criminal has accessed significant amounts of health claims data from all of our private health insurance customers,” he said.
Our community is the victim of a terrible crime committed with the intention of causing maximum harm.
Cyber attack
Last week, the cyber attack was revealed, but the number of victims has not been revealed.
It had been threatened that the hackers would leak the data, starting with 1,000 famous Australians, if Medibank didn’t pay a ransom.
According to Medibank, the hack could cost the company as much as Au$35 million (US$22 million).
Medibank’s hack follows Optus’ attack last month, which exposed the personal information of almost a third of Australians.
There has never been such a large data breach in Australian history as the Optus attack.
An insufficient response
Mark Dreyfus, Australia’s Attorney General, has previously accused companies of stockpiling sensitive customer data.
In the current climate, companies are facing paltry fines for not protecting customer data – Au$2.2 million.
In a statement last week, Dreyfus said these fines would be ratcheted up to Au$50 million.
The recent significant breaches of privacy have revealed the inadequacies of existing safeguards, he said.
Taking a hit for a major data breach is not enough to consider it a cost of doing business.
As a result of the Medibank hack, Home Affairs Minister Clare O’Neil said Tuesday that the fallout could be irreparable.
She told Australia’s parliament that one reason for the government’s concern is the nature of the data.
In terms of the privacy of Australians’ health information, the damage here may be irreparable.
Hacking has previously been described as a “dog act” – an Australian term for something particularly shameful or egregious.
[…] this week, it revealed that the federal government had sent cybersecurity dark web advisory to ministries and provinces to prevent data […]