A news development on the recent cyberattack against Australia’s health insurance firm Medibank revealed that the ransomware actors behind it had accessed all of its customers’ personal and medical data.
The affected health insurance firm listed which data was compromised in the security breach incident, which includes all ahm health insurance firm’s customers’ personal and medical data, all international student customers’ personal and medical data, and all Medibank customers’ personal and medical data.
Medibank confirmed that the cyberattack actors had stolen all data that they were able to get access to.
Based on the health insurance firm’s latest announcement, they have found evidence that the hackers responsible for the cyberattack has removed the data they had accessed, letting customers know that all of those data had been stolen.
For this reason, Medibank warns all customers to be vigilant against threats of attacks and report them to authorities as it happens, as hackers could use their information for malicious activities.
The initial announcement of the Australian health insurance firm stated that they had found no proof that the ransomware actors had collected data from the accessed database. The firm added that the hackers did not encrypt any critical files.
The firm has now confirmed that a massive customer database was stolen. It could also be considered that file encryption had also transpired. Medibank was also pushed to investigate the incident further after a threat group had reached out and provided samples of the stolen data from them worth 200GB in file size.
This investigation resulted in the discovery of the actual cyberattack’s impact on them.
As a way to express assistance to the affected customers, Medibank provided them with financial support, free identity monitoring, fee reimbursement, IDCARE specialists’ identity protection advice, and mental health and wellbeing support line.
Because of the recent massive data breaches against Australian companies, the government has proposed tougher penalties for those failing to protect consumers’ data against threat actors. This proposal states that stricter data protection laws must be executed to challenge companies to enhance their security protocols, including increasing privacy breach penalties from 2.22 million AUD to 50 million AUD.
Medibank is said to not to be affected by this proposed law since it has yet to be implemented.
