A fourth class action launched against Medibank arising from its data breach
February 9, 2023 |
One certainty with data breaches is that the breach is just the start of an organisations problems. The breach brings on costs of determining the extent of the damage, then dealing with the regulator if it becomes involved, notifying clients/customers, dealing with the media and shareholders and rectifying any damage caused by the breach. That usually involves engaging technical experts, public relations people, lawyers and hours of in house work. Then comes the class action if the breach is big enough.
The Medibank breach is large by any measure and huge by Australian standards. That resulted in 3 class actions being commenced last year. And as of 7 February 2023 a fourth class action was filed in the Federal Court. Medibank Private released a media release, titled unimaginatively Cybercrime – class action, stating:
A class action against Medibank was filed in the Federal Court of Australia today.
Medibank understands that these proceedings have been brought on behalf of current and former customers in relation to the cybercrime event Medibank has previously reported and are being brought by Baker & McKenzie and funded by Omni Bridgeway.
The statement of claim includes allegations of breach of contract, contraventions of the Australian Consumer Law, and breach of equitable obligations of confidence.
Medibank will defend the proceedings.
Medibank continues to support its customers from the impact of the cybercrime through our previously announced Cyber Response Support Program which includes mental health and wellbeing support, identity protection and financial hardship measures.
This, as usual, attracts unfavourable media coverage, such as the Australian’s Medibank’s legal woes grow with fourth class action. It provides:
Australia’s biggest health insurer Medibank says it will defend a class action from customers who are seeking compensation from the biggest cyber attack in the nation’s history.
Russian hackers accessed the health records and other personal information from almost 10 million current and former Medibank customers. After the company refused to pay a $15m ransom, it published customer claim data for sensitive conditions – including abortions, drug and alcohol abuse and mental health disorders – on the dark web.
Most of the data released was difficult to understand and link to customers. But lawyers Baker & McKenzie, which are representing customers, allege Medibank breached Australian consumer law over the data heist.
A Medibank spokeswoman said the company would defend the class action, which was filed in the Federal Court of Australia on Tuesday.
“Medibank understands that these proceedings have been brought on behalf of current and former customers in relation to the cybercrime,” the spokeswoman said.
“The statement of claim includes allegations of breach of contract, contraventions of the Australian Consumer Law, and breach of equitable obligations of confidence. Medibank will defend the proceedings.”
Law firms Maurice Blackburn, Bannister Law and Centennial Lawyers had been pursuing separate actions against Australia’s largest health insurer, but last month entered into a joint co-operation agreement against both Medibank and AHM in relation to the October breach.
Medibank chief executive David Koczkar and other executives kept their bonuses – worth more than $7.3m – despite the health records and other sensitive data of almost 10 million customers, including the Prime Minister, being exposed.
In November, the health insurer’s chair Mike Wilkins defended the group’s handling of one of Australia’s biggest data heists, facing a barrage of questions from shareholders at the company’s annual meeting in Melbourne.
The spokeswoman said Medibank continues to support its customers whose data was exposed during the attack via its Cyber Response Support Program, which includes mental health and wellbeing support, identity protection and financial hardship measures.”
The filing of the class action came on the same day that Medibank deferred its annual premium increase of 2.96 per cent by two months – a move which will cost it $59m.
This takes the total amount of funds returned to members during the pandemic to $1bn – the biggest “financial give back” from any Australian health insurance fund to date.
Medibank group executive, customer portfolios, Milosh Milisavljevic said: “We are committed to ensuring that private health insurance remains affordable and accessible for all Australians.
“With inflation and interest rates continuing to rise, we know that many Australian household budgets are under pressure, which is why we have worked hard to deliver our lowest premium increase in 22 years,” he said.
“Our Covid-19 support package and give back program has now reached a record $1bn. While public health measures implemented during Covid-19 have eased, claims still remain below expected levels, which is why we’re continuing to return savings to our customers.”
The two-month deferral of the premium increase will be applied automatically on April 1 to Medibank and ahm customers who hold an active resident hospital and/or extras policy or an active overseas visitors and workers policy.
“Customers who are no longer active but held an active resident policy between July 1 2022 and March 31 2023 will be eligible for a cash back in lieu of the premium increase deferral,” Medibank said.
Medibank shares closed up 2 per cent on Wednesday at $3.09.
The story has been covered by itnews, 7News and the AFR amongst others.