Australia admits cyber defenses 'inadequate' as medical hack hits millions
Published: Oct 26, 2022 09:20 PM
Hackers accessed millions of medical records at one of Australia's largest private health insurers, the company said on Wednesday, prompting the government to admit the nation's cyber safeguards were "inadequate."

This was the latest in a series of hacks targeting millions of people that have brought Australian companies' lax approach to cyber security into sharp relief.

Medibank Chief Executive David Koczkar said information about each of the company's 3.9 million policy holders - some 15 percent of Australia's population - had been compromised.

"Our investigation has now established that this criminal has accessed all our private health insurance customers' personal data and significant amounts of their health claims data," he said in a statement.

"This is a terrible crime. This is a crime designed to cause maximum harm to the most vulnerable members of our community."

The cyber attack was revealed last week, but it was not known until now just how many people were impacted.

The hackers have previously threatened to leak the data, starting with 1,000 famous Australians, unless Medibank pays a ransom.

Medibank on Wednesday also confirmed it was not insured against cyberattacks, estimating the hack could cost the company as much as A$35 million ($22 million).

The Medibank hack followed an attack on telecom company Optus in September that exposed the personal information of some 9 million Australians.