Key Points
- Medibank has told its customers it has received messages from alleged data hackers
- Medibank said it held a "range of necessary personal information of customers"
Following a hacking incident at Medibank, Cyber Security Minister Clare O'Neil says Australian companies must do more to protect customer data.
The federal government confirmed a "significant cyber security incident" within Medibank after the health insurer went into a trading halt after receiving messages from alleged data hackers.
Medibank said in a statement to the ASX on Wednesday it had launched a forensic investigation to establish if a group removed customer data.
Cyber Security Minister Clare O’Neil. Source: AAP / MICK TSIKAS
"This incident is another reminder for Australian governments, businesses and citizens to be vigilant about their cyber safety," she said in a statement on Wednesday night.
Ms O'Neil said support was being provided by the Australian Signals Directorate's Australian Cyber Security Centre and the Department of Home Affairs and she had spoken with Medibank CEO David Koczkar and Australian Federal Police.
An investigation has been launched, with federal government agencies examining the incident and working alongside Medibank.
Ms O'Neil said the situation was concerning and that agencies were working to stop the data from being released on the internet.
The Medibank hack, following the recent widespread data breach at telecommunications company Optus, is a wake-up call for business.
"This is the new world that we live in, we are going to be under relentless cyber attack essentially from here on in," Ms O'Neil told ABC Radio on Thursday.
"We need to do a lot better as a country to make sure that we are doing everything we can within organisations to protect customer data and also for citizens to be doing everything they can."
Ms O'Neil said it was too early to tell how many customers had been affected by the Medibank hack after speaking with the insurer's CEO.
Medibank has apologised to customers over the alleged hack.
"What we have here is information that's held by this organisation, which is healthcare information, and that just on its own being made public can cause immense harm to Australians."
Medibank said protection of customer data remained a priority, and apologised in a statement, telling customers: "We're sorry."
"Medibank systems have not been encrypted by ransomware, which means usual activities for customers continues," the health insure said in a statement.
"We continue to work with specialised cyber security firms and have advised the Australian Cyber Security Centre."
Steps to safeguard the network and systems may cause temporary disruptions to services, the insurer warned.
Mr Koczkar offered an apology acknowledging the news would concern customers.
"Our team has been working around the clock since we first discovered the unusual activity on our systems and we will not stop doing that now," he said.
Medibank said it held a "range of necessary personal information of customers" as a company providing health insurance and services.
The news comes six days after Medibank reported an attempted ransomware attack on its network, but said there was no evidence that customer data had been removed.
It's the latest in a spate of cyber breaches recently reported by Australian companies, including mobile operator Optus and supermarket Woolworths.