Australia admits cyber defences 'inadequate' as medical hack hits millions

The hackers have previously threatened to leak the data, starting with 1,000 famous Australians, unless Medibank pays a ransom.

Published: 26th October 2022 10:43 AM  |   Last Updated: 26th October 2022 10:43 AM   |  A+A-

hacking, snooping, cyber crime

Representational Image. (File Photo)


SYDNEY: Hackers accessed millions of medical records at one of Australia's largest private health insurers, the company said Wednesday, prompting the government to admit the nation's cyber safeguards were "inadequate".

This was the latest in a series of hacks targeting millions of people that have brought Australian companies' lax approach to cyber security into sharp relief.

Medibank chief executive David Koczkar said information about each of the company's 3.9 million policyholders -- some 15 per cent of Australia's population -- had been compromised.

"Our investigation has now established that this criminal has accessed all our private health insurance customers' personal data and significant amounts of their health claims data," he said in a statement to the Australian stock exchange.

"This is a terrible crime. This is a crime designed to cause maximum harm to the most vulnerable members of our community."

The cyber attack was revealed last week, but it was not known until now how many people were impacted.

The hackers have previously threatened to leak the data, starting with 1,000 famous Australians, unless Medibank pays a ransom.

Medibank on Wednesday also confirmed it was not insured against cyber attacks, estimating the hack could cost the company as much as 35 million Aus dollar (USD 22 million).

The Medibank hack followed an attack on telecom company Optus last month that exposed the personal information of some nine million Australians -- almost a third of the population.

The Optus attack was one of the largest data breaches in Australian history.


Australia's Attorney-General Mark Dreyfus has previously accused companies of stockpiling sensitive customer data they did not need.

Firms currently face paltry fines -- 2.2 million Aus dollar -- for failing to protect customer data.

Dreyfus last week said these fines would be ratcheted up to 50 million Aus dollar.

"Unfortunately, significant privacy breaches in recent weeks have shown existing safeguards are inadequate," he said.

ALSO READ | Infosys extends Living Labs ecosystem to start-ups in Australian

"It's not enough for a penalty for a major data breach to be seen as the cost of doing business."

Home Affairs Minister Clare O'Neil on Tuesday said the fallout from the Medibank hack was "potentially irreparable".

"One of the reasons why the government is so worried about this is because of the nature of the data," she told Australia's parliament.

ALSO READ | Japan, Australia agree to boost defense pact amid China's growing threat in Asia-Pacific region

"When it comes to the personal health information of Australians, the damage here is potentially irreparable."

O'Neil has previously described hacking as a "dog act" -- an Australian phrase reserved for something especially shameful or despicable.


Disclaimer : We respect your thoughts and views! But we need to be judicious while moderating your comments. All the comments will be moderated by the editorial. Abstain from posting comments that are obscene, defamatory or inflammatory, and do not indulge in personal attacks. Try to avoid outside hyperlinks inside the comment. Help us delete comments that do not follow these guidelines.

The views expressed in comments published on are those of the comment writers alone. They do not represent the views or opinions of or its staff, nor do they represent the views or opinions of The New Indian Express Group, or any entity of, or affiliated with, The New Indian Express Group. reserves the right to take any or all comments down at any time.

flipboard facebook twitter whatsapp