Medibank and ahm cyber crime: How to safeguard your personal data
Medibank has joined Optus as the latest company to have customer data stolen with the health insurance provider confirming personal information from both ahm health insurance and Medibank Private was compromised recently.
On 20 October, Medibank was contacted by a criminal group claiming to have stolen data, revealing personal records for 100 customer policies from ahm.
This morning, Medibank followed up by confirming customer data was also taken from the overarching company and an estimated four million Australians are at risk of having their personal data compromised.
In the wake of the Optus data breach that put up to 10 million customers at risk of identity theft, the Medibank cyber attack highlights the vulnerability of our online data.
This is what you need to know if you’re a Medibank or ahm customer, and how you can protect your financial and online data.
What information was compromised
Medibank has posted a list of compromised information on their website, with some claims yet to be verified – such as the theft of credit card and bank details.
The data that has been confirmed as stolen includes:
- First names and surnames
- Addresses
- Dates of birth
- Medicare numbers
- Healthcare policy numbers
- ahm and Medibank policy records
- Phone numbers
- Personal and health claims data, such as the location of where medical services occurred and codes relating to diagnoses and procedures
Additional work is being undertaken by the Australian Federal Police (AFP) to confirm the extent of the data breach, including the total number of customers affected. Medibank is currently contacting customers who have been impacted by the breach.
Medibank’s response
Medibank Chief Executive Officer (CEO) David Koczkar has apologised to ahm and Medibank customers and the undue stress it is causing.
“I unreservedly apologise for this crime which has been perpetrated against our customers, our people, and the broader community,” Mr Koczkar says.
“I know that many will be disappointed with Medibank and I acknowledge that disappointment. This cybercrime is now the subject of an investigation by the Australian Federal Police.
“We will learn from this incident and will share our learnings with others. Medibank will remain open and transparent and will continue to provide comprehensive updates as often as we can and need to.”
The private health provider has also set up several supports for affected customers. Depending on your level of impact, you may be eligible for:
- Financial support for customers who are in a “uniquely vulnerable position” as a result of the crime
- Access to Medibank’s mental health and wellbeing support line
- Access to identity protection advice and resources
- Free identity monitoring services
- Reimbursement for any fees associated with replacement identity documents
Medibank is also deferring premium increases for existing customers from 1 November to 16 January 2023.
To find out if that support is available for you, contact ahm directly on 13 42 46 or Medibank on 13 23 31. They have also recommended you head to cyber.gov.au for more information on cyber security.
If you receive any suspicious emails or texts, send a copy to either scaminvestigations@medibank.com.au or scaminvestigations@ahm.com.au.
How to protect your personal information
If your information has been compromised, it is important you take the appropriate steps to protect yourself. In regards to the Medibank cyber threat, this could include updating passwords, your Medicare card number and financial details.
To replace your Medicare card, you can request a replacement card through MyGov by following the appropriate steps, calling 13 20 11 or using your smartphone’s Express Plus Medicare mobile app.
Although no password information was compromised, you should update your major account passwords. This includes bank accounts or email accounts that have access to confidential information.
To learn how to better protect yourself and set up strong passwords, you can read our article, ‘Being wary of scams and sharing your personal information’. It provides valuable tips on the most secure password combinations, such as passphrases.
Protecting your financial data
Unlike the Optus breach, Medibank has indicated that bank account information may have been compromised – although it has not offered official confirmation.
Regardless, you may be concerned about the safety of your personal information and the threat of identity theft.
You can contact your bank and explain your situation and possible solutions. One outcome would be cancelling credit or debit cards, which the bank will promptly mail out a replacement card to your address.
Your bank can also block any external accounts if an unauthorised transaction has occurred or they may be able to set up a new account for you. It is best to chat to your bank directly as there could be fees attached to this process.
If you do use online banking, setting up multi-factor authentication (MFA) or two-factor authentication (2FA) is essential. It’s a secondary security measure that requires two or more steps of verification.
For example, you may log in with a password online, but for any transaction to occur, you also have to approve it via your bank’s app on your smartphone.
Some banks will send a verification code by text message or email, while you can also set up biometric/fingerprint logins on your smartphone. This additional layer of personalised access protects your money from cyber criminals.
Are you a victim of the Medibank and ahm cyber attack? Tell us about your experience in the comments below.