Disturbing details have emerged about the mysterious hacker who stole 200GB of confidential customer information from one of Australia's largest health insurers as experts warn the breach is 'very serious'.
Medibank said it would work closely with the Australian Federal Police as it investigates the cyber attack after the hackers responsible gained access to extremely sensitive information - including customer's doctors visits. 
In a statement on Thursday, the health insurer said the 'criminal' had provided a sample of customer records of 100 policies believed to have come from Medibank's ahm health insurance and international student systems.  
The data includes first names and surnames, addresses, dates of birth, Medicare numbers, policy numbers, phone numbers and some claims data. 
The stolen information also details the location a customer received medical services and codes relating to their diagnosis and procedures.
Medibank said the 'criminal' had provided a sample of customer records of 100 policies believed to have been stolen from ahm health insurance and international student systems (pictured, a Medibank branch in Sydney)
IT expert Paul Smith warned the Medibank breach 'has got very serious' after it was confirmed the major data breach was genuine on Thursday
IT expert Paul Smith warned the Medibank breach 'has got very serious' after it was confirmed the major data breach was genuine on Thursday.
'Confirmation, the hacker's data, Slot Bonus is genuine and includes where a customer received medical services, codes relating to diagnosis and procedures,' he tweeted.
'Plus names, addresses, DOB, Medicare numbers, policy numbers, phone numbers and some claims data.'
Cybersecurity journalist Jeremy Kirk said credit card data was the least of customer worries compared to more sensitive medical information.
'Medical codes related to diagnoses and procedures have to be amongst the most sensitive information about a person. Horrible.

And remember, paying a ransom doesn't mean this data becomes secure,' he tweeted.
Cybersecurity journalist Jeremy Kirk said credit card data was the least of customer's worries when compared to more sensitive medical information
Earlier this week, messages in broken English from the hacking group claim 200 gigabytes of sensitive information, including health records, was stolen (stock image)
Medibank CEO David Koczkar said he 'unreservedly apologised' for the breach. 
'I know that many will be disappointed with Medibank and I acknowledge that disappointment,' he said in a statement on Thursday. 
'This cybercrime is now the subject of an investigation by the Australian Federal Police.

We will learn from this incident and will share our learnings with others.
'Medibank will remain open and transparent and will continue to provide comprehensive updates as often as we can and need to.'
Pictured: Medibank CEO David Koczkar
The statement said a trading halt in Medibank shares will continue as the health insurer works with the AFP, government stakeholders and the Australian Cyber Security Centre (ACSC).
Earlier this week, messages in broken English from the hacking group claim 200 gigabytes of sensitive information, including health records, was stolen. 
The group said as a 'warning shot' it would contact the insurer's 1,000 most prominent customers including 'politicians, actors and activists'. 
From Thursday, Medibank will commence making direct contact with affected customers to inform them of this latest development, and to provide support and guidance on what to do next. 
Customers affected by the breach have been invited to speak to the insurer's mental health professionals discuss their concerns over the phone. 
RELATED ARTICLES



Share this article
Share


Medibank said it would work closely with the Australian Federal Police as it investigates the cyber attack alongside other 
Medibank has more than 3.9million customers.
The health insurer said last week it has taken immediate steps to 'contain the incident' and had brought in expert cybersecurity firms to work on the breach.
The steps included taking some of its customer facing computer systems offline.
The hack follows the country's biggest ever cyber breach when the personal details of up to 10 million Optus customers were exposed to hackers recently.
Telstra also revealed a data breach this month in which 30,000 current and former staff had their names and emails posted online.


adverts.addToArray({"pos":"inread_player"})Advertisement