Australia's large health insurance company reports cyberattack

Australia's Medibank Private has taken some of its systems offline amid the detection of suspicious activity.

Yesterday, the company recorded unusual activity on its network. Medibank Private or Medibank is one of the largest Australian private health insurance providers, with almost four million customers.

There are no signs of private customer information being taken, according to the company’s press release, although the investigation is ongoing. For mitigation purposes, Medibank will be isolating and removing access to some customer-facing systems.

“We recognise the significant responsibility we have to the people who rely on us to look after their health and wellbeing and whose data we hold,” Medibank CEO David Koczkar said.

Later today, it was confirmed that the ahm and international student policy systems and its data were taken offline: it’s expected to remain this way for most of the day.

The customers are not currently requested to do anything, such as change their login details, but they can contact Medibank directly for assistance.

“We have spoken with the Australian Cyber Security Centre, APRA, Office of the Australian Information Commissioner, Private Health Insurance Ombudsman, the Department of Health and the Department of Home Affairs over the course of the day to ensure that our regulators and other key stakeholders are informed,” the company announced.

Customers will still be able to access Medibank’s health services as it works through the incident.

Amid the announcement of the incident, the company’s shares had entered a trading halt, as reported by Reuters.

Later, Medibank stated it had received a ransom demand for stolen customer data.

"Medibank is working urgently to establish if the claim is true, although based on our ongoing forensic investigation we are treating the matter seriously at this time." the company said.

Over the last two months, two of the largest Australian telecom providers suffered cyber incidents. Telstra experienced a data leak via a third party, while Optus was hit by a cyberattack, with millions losing passport and driver's license numbers. This pushed the Australian government to revisit the country’s privacy laws, with the aim of reducing the amount of private information companies hold on citizens.