Australia's Medibank Says Data of All 4 Million Customers Accessed By Hacker (reuters.com) 21
An anonymous reader quotes a report from Reuters: Australia's biggest health insurer, said on Wednesday a cyber hack had compromised the data of all of its of its nearly 4 million customers, as it warned of a $16 million to $22.3 million hit to first-half earnings. It said on Wednesday that all personal and significant amounts of health claims data of all its customers were compromised in the breach reported this month, a day after it warned the number of customers affected would grow.
Medibank, which covers one-sixth of Australians, said the estimated cost did not include further potential remediation or regulatory expenses. The company reiterated that its IT systems had not been encrypted by ransomware to date and that it would continue to monitor for any further suspicious activity. "Everywhere we have identified a breach, it is now closed," John Goodall, Medibank's top technology executive, told an analyst call on Wednesday. "Our investigation has now established that this criminal has accessed all our private health insurance customers' personal data and significant amounts of their health claims data," chief executive David Koczkar said in a statement. "I apologize unreservedly to our customers. This is a terrible crime -- this is a crime designed to cause maximum harm to the most vulnerable members of our community."
Medibank, which covers one-sixth of Australians, said the estimated cost did not include further potential remediation or regulatory expenses. The company reiterated that its IT systems had not been encrypted by ransomware to date and that it would continue to monitor for any further suspicious activity. "Everywhere we have identified a breach, it is now closed," John Goodall, Medibank's top technology executive, told an analyst call on Wednesday. "Our investigation has now established that this criminal has accessed all our private health insurance customers' personal data and significant amounts of their health claims data," chief executive David Koczkar said in a statement. "I apologize unreservedly to our customers. This is a terrible crime -- this is a crime designed to cause maximum harm to the most vulnerable members of our community."
Oh noez! It wuz a haXx0r! (Score:1)
Sorry, medibank, the criminal is YOU!!!
Criminal negligence is the problem, and that is all you. It's telling that the first thing on your mind after you let the goods be compromised, is your profit.
Re: (Score:2)
I know they're out of fashion, but it seems like you missed out on an excellent opportunity for a Russian Reversal.
Sooo (Score:2)
question (Score:2)
"Everywhere we have identified a breach, it is now closed," John Goodall, Medibank's top technology executive, told an analyst call on Wednesday.
What about everywhere there might be a future breach, and why was the same question not asked every month. I do believe they consider themselves only beholden to their shareholders. This should be the end of their company in my opinion, they should manage a transition to a more worthy successor that doesn't re-employ any of the old C suite execs
Re: (Score:2)
...This should be the end of their company in my opinion, they should manage a transition to a more worthy successor that doesn't re-employ any of the old C suite execs
Why because the new C suite execs are educated and trained to act any differently?
You're right that they are rather corruptly beholden to shareholders. And that didn't happen overnight, so don't assume you can come at that problem with an instant-mix solution.
Re: (Score:2)
Re: (Score:2)
They seem to understand golden parachutes. The government should tax all golden parachute payouts at 100% if the exec lost their job because of a security breach and make a C-purge mandatory for all publicly traded companies if there is a moderate to severe security issue
Re: (Score:2)
The position that scares me is head of computer security (whichever acronym it goes under) ... worked for two of the largest financial institutions in North America, and in both cases the individual in that role, while not computer illiterate, had close to zero understanding of any aspect of computer security. They got to their roles through politicking. Mostly, there are a few individuals in that department who get things done correctly. Mostly. But with the push towards 3rd party products/services - a
Aus has been under the radar (Score:2)
Re: (Score:1)
That's the result of government digitisation efforts in general. Pay peanuts, get monkeys. Little accountability, little liability.
Re: (Score:2)
That's the result of government digitisation efforts in general. Pay peanuts, get monkeys. Little accountability, little liability.
Medibank Private was never a government department, hence it's called Medibank Private (shortened to Medibank). It was once a corporatized non-profit private health insurer (essentially a private corporation with one shareholder, the govt). Went for profit in 2009 and fully privatised in 2014. They've been listed on the Australian Securities Exchange since.
Hence the hackers only managed to get data on 4 million Australians, not the 24 million serviced by Medicare Australia (the public health care payment
"We're sorry" (Score:2)
Medibank apologised to its customers for the cyber attack.
"Sorry" doesn't cut it. What are the average damages to an average customer? Some won't care. Others could have their lives ruined, by having private medical information revealed.
Whatever those damages are, needs to be paid out, funded by deductions from CxO salaries and bonuses. So that, maybe, they will invest in security in the future.
I recommend our approach (Score:2)
Security blunders dropped to near zero once laws were put in place that made C-Levels personally (that is, with their money) responsible for criminal neglect.
It also meant that suddenly security budget went up by magnitudes. Must have been a total coincidence.
And yet (Score:2)
While institutions simply give millions of people's personal data every day. And no end in sight. Always a simple access route. Usually completely open to the world.
So with low hanging fruit like that, who's going to compromise a single person's computer when they can get millions of people's entire data set with less effort? There is o
Just some context for Americans (Score:1)
Australians in general don't give anywhere near as many shits as Americans or Brits when it comes to openly discussing medical issues.
This hack is not good in any form, but I feel like Americans will dive straight to the "OMG they know what I said to my doctor" rather than the far more important personal information that could lead to identify theft.
IT security = impossible job (Score:1)
while our computing is being leveraged for surveillance and data harvesting we'll never be secure.
just wondering (hoping) if i'll be dead by the time it reaches peak idiocy, but seems to be accelerating.