Menu
On Wednesday 12th of October 2022, one of Australia’s largest private health insurance providers, Medibank Private Limited identified unusual activity which was discovered to be a precursor to a ransomware attack. In response, Medibank immediately took down parts of its IT systems to contain the threat and therefore disrupted its online services.
“Our ongoing investigation has found the unusual activity we detected in part of our IT network was consistent with a possible ransomware threat,” – CEO David Koczkar.
While David Koczkar stated that the company suffered a ransomware attack, they claim that no systems were encrypted during the attack. Although, since the original statement, Medibank has also confirmed that an internal investigation into the attack has shown that the threat actors accessed all of its customers’ personal data and a large amount of health claims data. This discovery was made after the ransomware gang made contact to extort the company, providing a sample of 100 stolen files out of an alleged 200GB of data stolen during the attack. Medibank soon realized that the threat actors had exfiltrated client data, so the internal investigation took a more targeted approach, eventually revealing a full-scale data breach.
Medibank has also stated that they have put in place additional security measures across their network and are continuing to work with external cybersecurity experts and the Australian Government’s lead cyber agency.
NCSC Threat Reports Feed© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.
