Medibank shuts all branches and goes offline from tomorrow night until Sunday to work on cyber security …the cost of the data breach rises

December 8, 2022 |

The woes of Medibank continue with it going offline this weekend to revamp/enhance/add data security.  It has put the best spin on it with its media release Medibank to undertake ‘Operation Safeguard’ at the weekend.  What few organisations really appreciate is the very heavy financial cost of dealing with a data breach.  The expense of bringing in experts to manage the immediate crisis becomes an costly exercise in determining the extent of the damage, then staff or consultants to liaise with media and government.  The costs continue with offering support to affected clients/customers/patients and then revamping an organisation’s security network. which is where Medibank finds itself.  Medibank also has to deal with an investigation by the Information Commissioner and a possible class action.

The media release provides:

Medibank and ahm systems will be temporarily offline from 8.30pm AEDT Friday 9 December 2022 as we undertake some maintenance to further strengthen our systems and enhance security protections.

We expect the systems will be back online Sunday 11 December 2022 at the latest.

While there has been no further suspicious activity detected inside our systems since 12 October 2022, as part of the next stage of our work we are undertaking maintenance across some of our systems to further strengthen security.

This follows the recent addition of two-factor authentication in our contact centres to increase the level of security for our customers when they call for support.

We apologise for the inconvenience this operation may cause customers, but this is the next necessary phase of our ongoing work to further safeguard our network, called ‘Operation Safeguard’.

Since the cybercrime we have bolstered existing monitoring, added further detection and forensics capability across the Medibank system and network and have scaled up analytical support via specialist third parties.

This is a planned operation that involves IT security experts from Microsoft who are joining us in our Melbourne headquarters from across the Asia-Pacific region over the weekend. Given the complexity of the maintenance activities and the requirement to take our systems offline this operation has been in the planning stages for several weeks.

We are also continuing to analyse the information released by the criminal on the dark web. We can confirm that the number of customer files stolen remains unchanged. We continue to communicate to our customers, and this week we will begin to communicate with some customers who had limited provider related data stolen, such as provider number, admission date and discharge date. Like most of the data stolen, this data has been released in a raw form and is hard to understand.

During the operation customers won’t be able to access Medibank or ahm services through the website or app and HICAPS won’t be available for claiming on the spot.

Our retail stores and customer contact centre will also be closed Saturday 10 December 2022.

Amplar Health services such as our 24/7 critical health support lines will not be impacted by the operation.

As would be expected this extraordinary event has been widely reported, including by the Sydney Morning Herald with Medibank to shut down for weekend cybersecurity overhaul, the Australian Financial Review with Medibank calls in Microsoft, closing services over weekend and Medibank Shutting All Branches, Going Offline, In Security Overhaul.

Leave a Reply

Verified by MonsterInsights