Changes are happening - please bear with us while we update our site.

Changes are happening - please bear with us while we update our site. Click here to give us your advice and feedback.

Medibank (ASX:MPL) share price in focus, won’t pay ransom

The Medibank Private Limited (ASX:MPL) share price is under the spotlight today on the private health insurer's latest cybersecurity update.

The Medibank Private Limited (ASX: MPL) share price is under the spotlight today on the private health insurer’s latest cybersecurity update.

For readers that don’t know, Medibank has been telling investors over the past three weeks about a cyber incident / hack. The news has been getting progressively worse.

Customer data accessed

The private health insurer said that based on its investigation, the criminal has accessed the name, date of birth, address, phone number and email addresses for around 9.7 million current and former customers, and some of their authorised representatives.

This represents around 5.1 million Medibank customers, around 2.8 million ahm customers and around 1.8 million international customers.

It also said that the criminal has accessed Medicare numbers, but not expiry dates, for ahm customers. It has also accessed passport numbers, but not expiry dates, and visa details for international student customers.

Medibank also noted that the criminal may have accessed health claims data for around 160,000 Medibank customers, around 300,000 ahm customers and around 20,000 international customers.

A warning for customers

Medibank said that customers should remain vigilant as the criminal may publish customer data online or attempt to contact customers directly.

The private health insurer said customers should change passwords regularly, activate multi-factor authentications, being alert for phishing scams via phone, post or email, not open texts from unknown numbers and so on.

Medibank said that if someone is a victim of cybercrime, they can report at ReportCyber on the Australian Cyber Security Centre website.

No ransom

After apologising again, the company’s CEO David Koczkar said that no ransom payment will be made to the criminal.

Mr Koczkar said:

Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published.

In fact, paying could have the opposite effect and encourage the criminal to directly extort our customers, and there is a strong chance that paying puts more people in harm’s way by making Australia a bigger target.

The company noted this decision is consistent with the position of the Australian Government.

Final thoughts

Medibank will commission an external review to ensure that it learns from this cyberattack and continues to strengthen its ability to safeguard customers.

The Medibank share price is down 18% since 19 October 2022. I’m not sure if this is an opportunity and how much it will affect its policyholder numbers. I’d put this in the ‘too hard’ basket.

I do think that Australian organisations needs to continually improve their cybersecurity and processes.

At the time of publishing, Jaz does not have a financial or commercial interest in any of the companies mentioned.
Skip to content