Health insurance giant Medibank has experienced a data breach in which 200GB of medical records have been stolen by a hacker and held to ransom.
The company originally thought that the attack involved ransomware, however it actually seems to be a case of data exfiltration.
So far, the hacker has leaked around 100 records, containing information including medical conditions and addiction treatment records. It is unknown though how much the ransom is.
There hasn’t been an official confirmation, but some reports indicate the Medibank medical records were stolen from budget provider ahm (formerly Australian Health Management) which sells low-cost policies.
Medibank has 3.7 million customers and a market share of around 27 per cent, making it the largest health insurance provider in Australia. ahm reportedly has information about one million of the company’s health insurance customers in its system.
In response to the breach, the health insurance firm has added staff to its customer support lines. It asks that anyone who thinks they have potentially been impacted by the breach should call 13 23 31 if they have a health insurance policy with Medibank or 13 42 46 if they have a policy with ahm.
Company CEO David Koczkar also issued a formal apology for the breach.
A recent report by cybersecurity experts VPN Overview found that the healthcare and insurance industries are some of the biggest offenders for the loss of customers’ personal and private data.