November 16, 2022

Medibank cyberattack caused by high-level credential compromise

The health insurer released some details of the breach today, but says it will say more once a formal investigation is complete.

By Claudia Glover

Criminals behind the Medibank cyberattack gained access to the health insurance company’s network by stealing high-level credentials, its chairman said today. Medibank is otherwise staying tight-lipped about the attack and its cybersecurity set-up, with Deloitte having been called in to investigate the incident, which resulted in data on 9.7 million past and present customers and employees being stolen.

Medibank refuses to add further detail as to how the company was hacked until the outcome of the investigation in a few months’ time. (Photo by kailim/Shutterstock)

Medibank has so far refused to meet the ransom demands of the cybercriminals behind the breach, and as a result data from the attack has started to leak on the dark web.

Medibank hacked using high-level credentials

During the company’s annual general meeting, held earlier today, Medibank chairman Mike Wilkins announced that cybercriminals infiltrated its systems using “high-level credentials”, which had the level of clearance needed to access a large amount of data. 

Wilkins also explained that the company had implemented multi-factor authentication (MFA) at the time of the attack, but did not offer any further detail about how the breach happened.

There were calls from shareholders for an explanation as to how the company was hacked and what its cybersecurity posture was at the point of the attack. Wilkins declined to comment on specifics, declaring instead that the company has embarked on an external investigation with consultants from Deloitte, deferring questions until after the investigation is complete. This is expected to take several months.

The value of Medibank’s shares has dropped by 18% in the past month as the magnitude of the breach became clear. It is thought Medibank could face class-action lawsuits from affected customers, which may end up costing the company millions of dollars.

How Medibank is responding to the cyberattack

Mitigatory efforts to comfort the victims of the attack are now underway. CEO David Koczkar said that, from Wednesday, the company would start contacting the 480,000 victims whose healthcare records had been leaked. These include victims of domestic violence.

Currently, there are no cybersecurity or IT experts at board level in Medibank, continued Wilkins. He and Koczkar were both adamant the company would continue to resist any ransom demands. “From the outset, Medibank has been committed to doing the right thing by our customers, our people and the community in relation to this crime,” Wilkins said. “This includes our decision not to pay any ransom demand for this data theft.”

Koczkar also used the opportunity to once again implore the public not to download any of the customer information available on the dark web. “We share the prime minister’s and the police’s call to all media and social media platforms to protect the community by not posting or publishing this information,” he said. “While we understand the public interest, reporting details of this crime only feeds the criminal’s need for notoriety.”

Some shareholders, however, were reportedly unimpressed, with one who spoke to the Brisbane Times describing the board’s response as “very poor” and saying that the company’s attitude to the incident had been “unsatisfactory”, while another said the company had been “asleep at the wheel” at the time of the breach.
