An attack on Medibank Private has caused some of its customer-facing systems to be taken offline, disrupting some services to its 3.7 million members.
Unusual activity detected by Medibank
A cybersecurity firm worked with Medibank to contain the incident after detecting unusual activity.
David Koczkar, CEO of Medibank Private, apologised for the breach and said the group would take “decisive action to protect” customers.
“We recognise the significant responsibility we have to the people who rely on us to look after their health and wellbeing and whose data we hold,” Mr Koczkar said.
No evidence of compromised data has been found
Customer data has not been compromised, but the firm is still testing to ensure no sensitive information has been exposed.
“At this stage there is no evidence that any sensitive data, including customer data, has been accessed,” Medibank said in a statement to the ASX.
“We are working around the clock to understand the full nature of the incident, and any additional impact this incident may have on our customers, our people and our broader ecosystem.”
Systems from Medibank suspended temporarily
According to Medibank, it will continue to provide updates as it works with experts to determine the full extent of the breach. Their AHM and international student policy management systems have been taken offline and are expected to remain offline until further notice.
Medibank also requested a trading halt on the ASX while it investigated.
“As part of our response to this incident, Medibank will be isolating and removing access to some customer-facing systems to reduce the likelihood of damage to systems or data loss.”
Despite the systems being offline, Medibank said it would not interrupt its provision of health services.
“Medibank’s health services continue to be available to our customers, this includes their ability to access their health providers, as we work through this incident,” it said.