"Medibank Admits Ransomware Attack Is Far Worse Than Previously Thought"

Medibank revealed that a cyberattack on the company's systems in October impacted 9.7 million current and former customers, with the number of those affected being significantly higher than previously thought. The company, one of Australia's largest health insurance providers, disclosed on October 19 that it had been the victim of a cyberattack and was negotiating with the perpetrators. A week later, Medibank said the attacker had access to its 3.9 million customer records and hinted that the number of customers affected by the attack could grow significantly. Following an investigation, the company has revealed that the attacker obtained access to 9.7 million current and former customers' data, stating that it is required by law to keep certain customer information, including former customers, for specific periods of time, typically seven years from the date a customer leaves the company, but sometimes longer. The 9.7 million figure includes approximately 5.1 million Medibank customers, 2.8 million Ahm customers, and about 1.8 million international customers. The attacker also gained access to Ahm customers' Medicare numbers, as well as passport numbers and visa information for international student customers. Health claims data for roughly 160,000 Medibank customers, 300,000 Ahm customers, and 20,000 international customers were also accessed. This included the name and location of the service provider, where customers received medical services, and codes associated with the diagnosis and procedures administered. The company has also decided not to pay a ransom to the attacker responsible for the data theft. It stated that this decision is consistent with the Australian government's position. This article continues to discuss the Medibank cyberattack having a greater impact than previously thought. 

ITPro reports "Medibank Admits Ransomware Attack Is Far Worse Than Previously Thought"