Emergency powers activated to respond to Medibank hack

Denham Sadler
National Affairs Editor

An emergency management tool developed to respond to the Covid pandemic has been activated by the federal government to deal with the escalating Medibank cyber-attack.

Medibank on Tuesday revealed that more customer data than originally thought had been accessed by the hackers, including its Medibank private health insurance customers.

Cyber Security minister Clare O’Neil revealed that the National Coordination Mechanism had been activated over the weekend to respond to the significant breach, which involves highly sensitive health information.

The mechanism brings together agencies across the federal government, state and territory governments and private sector stakeholders to communicate and collaborate throughout a response to a crisis.

It was developed by the former Coalition government and driven by Emergency Management Australia to respond to the Covid-19 pandemic and has since been embedded as a permanent tool in the government’s arsenal when responding to a crisis.

Cyber Security Minister Clare O’Neil

This mechanism will “ensure that all possible support is being provided to Medibank and all those uniquely vulnerable Australians affected by this incident”, Ms O’Neil said.

The Minister said that the damage from the hack will be potentially “irreparable”.

“For Australians who struggle with mental health, with drug and alcohol addiction, with diseases that carry shame or embarrassment, these people are entitled to have their health information kept private,” Ms O’Neil said. “Addressing the potential harms in this incident is a critical priority.”

“The efforts of the Albanese government to prevent and manage harm are extensive, with hundreds of people within government working to support Medibank’s response to this incident and to help protect affected customers.”

The Australian Signals Directorate is also offering technical advice, while the AFP is investigating the breach. Services Australia and the Health department are working with Medibank to identify what information has been exposed.

Australia’s privacy watchdog has also launched preliminary inquiries into the cyber-attack to “ensure compliance with the requirements of the Notifiable Data Breaches scheme”.

Speaking in Parliament on Tuesday, Ms O’Neil labelled the hack a “dog act” and the hackers as the “scum of the earth”.

Compromised Medibank data includes names, addresses, dates of birth, Medicare numbers, phone numbers and the “location of where a customer received medical services, and codes relating to their diagnosis and procedures”.

The cyber-attack was disclosed by Medibank earlier this month, as the company was forced to take two customer-facing systems offline due to “unusual activity on its network”. At that time, the company said there was no evidence of data being compromised.

But last week the company was contacted by the alleged hackers, who claimed they had stolen 200GB of data, and threatened to contact the 1000 most prominent customers with their own personal information.

Do you know more? Contact James Riley via Email.

Leave a Comment

Related stories