Hackers Have Already Cost Medibank $26m

The biggest cyber attack in Australia’s history has sparked an exodus of customers from Medibank, the health insurer, and it says it has started to return to policyholder growth. Medibank has now revealed that it has suffered $26.2 million AUD (£14.7 million) in cyber crime-related costs following the hack of its systems in the second half of 2022.

Medibank said, “Given the nature of this crime, we now believe that all of the customer data accessed could have been stolen by the criminal.”

It expects its cyber crime losses to amount to $40-$45 million for the 2023 financial year. This involves additional investments in IT security, but excludes further customer and other remediation, regulatory, or litigation-related costs.

The attacker accessed its systems through a stolen username and password belonging to a third-party IT service provider, Medibank has said. This was used to access the company’s network through a misconfigured firewall which lacked an additional digital security certificate. Medibank chief executive David Koczkar says the embattled health insurer is prioritising contacting its most vulnerable customers after it ruled out paying a ransom, telling nearly 10 million Australians to prepare to see their information online or to receive a call from the hackers.

Four weeks after first telling government no customer data had been taken, Medibank was forced to admit 9.7 million Australians have had their data stolen, including people who could be in significant danger if their information is misused.

Recently the company said it has implemented greater security controls, including ensuring its firewall authentication is fully configured across its entire network. It has also improved its network security to help defend against the 18 million perimeter attacks it experiences every day.

Medibank was evidently considered a juicy target, having announced a gross profit of $233.3 million, an increase of almost 6% compared to the previous half-year. Over the past year, the company has gained around 35,000 customers, despite losing 13,000 clients following the attack in the second half of 2022. 

Medibank:      ITPro:     The Australian:    ABC:    AFR

You Might Also Read: 

Four Major Cyber Attacks In 2022: How To Not Repeat History In 2023:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Britain's New Security Agency To Counter Chinese Hacking 
AI Is Creating New Mobile Scamming Threats    »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Bob's Business

Bob's Business

Bob's Business adopts a fresh approach to information security awareness and compliance training, delivering key information through the use of short animated movies.

CyberDefenses

CyberDefenses

CyberDefenses services combine best-in-class cybersecurity oversight, managed services and training to help our clients truly address their cybersecurity challenges.

Techmeme

Techmeme

Techmeme is an online news curation service focused on leading edge technology, including cyber security.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CARICERT

CARICERT

CARICERT is the National Cyber Emergency Response Team of Curacao in the Caribbean.

CopSonic

CopSonic

Copsonic provide a technology solution based on ultrasonic waves to send secure and encrypted data between two devices in order to achieve authentication.

Cervello

Cervello

Cervello is a leading provider of comprehensive and proven solutions to protect railways against cyber attacks.

EVOLEO Technologies

EVOLEO Technologies

EVOLEO provides engineering services covering a wide range of needs in the electronics design, embedded and systems engineering.

BlackCloak

BlackCloak

BlackCloak provides Concierge Cyber Security for high-net-worth individuals and corporate executives to protect them from cybercrime, reputational risks, hacking and identity theft.

Acceptto

Acceptto

Acceptto offers the first unified and continuous authentication identity access platform with No-Password.

RocketCyber

RocketCyber

RocketCyber is a Managed SOC platform empowering Managed Service Providers (MSPs) to deliver security services to small and medium businesses.

RiskOptics

RiskOptics

RiskOptics (formerly Reciprocity) equips organizations with one of the most intuitive and powerful information security and cyber risk management solutions in the market.

Arctic Group

Arctic Group

Arctic Group is a Swedish service provider focusing on cybersecurity, integration services and deployment of software development tools.

Obsidian Security

Obsidian Security

Protect your business-critical applications by mitigating threats and reducing risk with Obsidian, the first truly comprehensive security solution for SaaS.

Effectiv

Effectiv

Effectiv is a real-time fraud & risk management platform for Financial Institutions and Fintechs.

ITButler e-Services

ITButler e-Services

At IT Butler, our mission is crystal clear: we are dedicated to providing top-tier cybersecurity solutions and best-practice methodologies to secure and enhance your digital infrastructure’s resilienc