Medibank advised the Australian Stock Exchange this morning that more customer data – and of broader scope – appears to have been accessed during the recent cyber incident.
When it comes to cyber attacks, the main fear is identify theft and financial crime. While these cases are difficult and complex, there are things that can be done to protect the community: credit monitoring, the replacement of ID documents and bank cards.
But when it comes to health information, the potential harm is irreparable.
For Australians who struggle with mental health, with drug and alcohol addiction, with diseases that carry shame or embarrassment, these people are entitled to have their health information kept private.
Addressing the potential harms in this incident is a critical priority. The efforts of the Albanese Government to prevent and manage harm are extensive, with hundreds of people within government working to support Medibank’s response to this incident and to help protect affected customers.
Given the sensitive nature of the data, on Saturday I activated the National Coordination Mechanism to bring together agencies across the Federal Government, states and territories to ensure that all possible support is being provided to Medibank and all those uniquely vulnerable Australians affected by this incident.
The NCM is a crisis response model developed to manage particularly difficult aspects of the COVID pandemic that brings together all relevant departments, agencies, and other stakeholders to share information and coordinate an appropriate response.
Other work of government in response to this incident includes:
- Ongoing technical advice and assistance from Australian Government agencies, including the Australian Signals Directorate.
- Australian Federal Police Operation Pallidus investigating the Medibank data breach
- ASD and AFP staff working side-by-side with Medibank technical operators.
- Services Australia and Department of Health working closely with Medibank Private to identify what information has been exposed and to make sure that government support services are available.
Medibank is cooperating with government in responding to this incident. We expect the company to continue to swiftly provide the government with all information it needs as a matter of urgency.
The Albanese Government is also progressing longer term options to help protect Australians from future incidents.
This includes a new Cyber Security Strategy to build whole of nation cyber resilience, a review of the Privacy Act and tougher penalties for repeated or serious data breaches.
This incident is another reminder for Australian governments, businesses and citizens to be vigilant about their cyber safety. Helpful resources can be found at cyber.gov.au
Further information about what you can do if you think you have been affected can be found on the Department of Home Affairs website
