Medibank, which faced a massive cyberattack last year, has confirmed that the data leak extended to one of its brands – ahm.
A potential customer who obtained a quote from ahm received an email from the provider, informing them that their data had been stolen and posted by hackers online, ABC reported.
The leaked data of those who requested quotes included full names, birthdates, emails, genders, addresses, and phone numbers, according to ABC.
In the email, ahm apologised, noting that it “recognised the distress that this may cause.”
Commenting on the data leak, Private Healthcare Australia chief executive Rachel David said that the length of time organisations kept information from people who obtained quotes varied.
“I do think a couple of years sounds a little excessive,” David said, as reported by ABC. “I think, in light of the issues that have occurred with the data breach, this is one of the things that health funds will be reviewing.”
A Medibank spokesperson said the insurer retained information related to quotes for “a period of time as prospective customers usually shop around and often end up coming back to take up a policy with us.”
“Rather than customers needing to enter all their information again, their quote remains in the system for a period of time,” the spokesperson said, as reported by ABC. “We sincerely apologise to all customers who have been impacted by the cybercrime.”
The cyberattack against Medibank hit headlines in Australia last year, with the stolen data including hundreds of customers' names, addresses, and birthdates.
At the insurer’s 2022 AGM in November, Medibank chair Mike Wilkins dug into the cyberattack, noting the insurer's decision to commission an external review to learn more about the incident and strengthen its ability to safeguard its customers.
With the cyberattack causing distress and concern for many Medibank customers, employees, and shareholders, Wilkins said the insurer was prioritising supporting affected customers through a dedicated cyber response support program.
“Throughout our almost 50-year history, our focus on customers and improving the health and wellbeing of all Australians has been unwavering. It's the reason we were founded, and it's the reason we exist today,” Wilkins said at the AGM.
At the end of 2022, global firm Palo Alto Networks (Palo Alto) warned the Australian healthcare sector to brace itself for cyberattacks and discuss whether hospitals, government services providers, and businesses would pay cybercriminals a ransom.
Sean Duca, vice president and regional chief security officer of Asia-Pacific and Japan at Palo Alto, said Australians have become more aware of cybercrimes' aftermath. However, they must focus on the potential for cybercrimes to cripple systems.