Medibank's Cyber Crisis: Medical Insurer with Unsure Cybersecurity

Health insurance is vital when protecting one's well-being whilst remaining fiscally responsible. Medical Insurance providers, beyond safeguarding our health, have a critical responsibility to keep your personally identifiable information and health data secure, especially considering the prices we pay and the sensitive nature of the data they manage. In the case of Medibank, one of Australia's largest private health insurance providers, they learnt the hard way how far-reaching the impact of that responsibility was once it was breached by malicious threat actors in 2022, resulting in one of the largest data breaches in Australian history which highlighted, in brutal fashion, the far-reaching consequences of inadequate cybersecurity measures. This breach culminated in the exfiltration of 520GB of data which included the PII (Personally Identifiable Information) and sensitive health data of over 9.7 Million customers. Medibank would have to face severe consequences in the forms of monetary loss, reputational damage and class action lawsuits whilst their customers are left with the fallout of their very private, and very sensitive data being exposed to the public.

Source: https://www.thenewdaily.com.au/finance/2024/06/05/medibank-data-federal-court

Today, we will dive into the root cause of this data breach, the outcomes for Medibank and its customers and suggest ways to mitigate a similar attack in any organisation/industry. Shining a light on how the continued review of your organisation's cyber security posture can prevent the same fate from befalling your enterprise. Who is Medibank?