Medibank bleeds $26 million in cyber costs following hack

The company believes this figure could rise to $45 million for the 2023 financial year

Medibank has revealed that it has suffered $26.2 million AUD (£14.7 million) in cyber crime-related costs following the hack of its systems in the second half of 2022.

It expects its cyber crime costs to be around $40-$45 million for the 2023 financial year. This involves additional investments in IT security, but excludes further customer and other remediation, regulatory, or litigation-related costs.

According to IBM's figures in 2022, the average cost to an Australian organisation following a ransomware attack was $4.5 million, putting Medibank's losses considerably above the average.

The attacker accessed its systems through a stolen username and password belonging to a third-party IT service provider, Medibank revealed. This was used to access the company’s network through a misconfigured firewall which lacked an additional digital security certificate.

The company said the attacker then went on to obtain more usernames and passwords to access other systems. The company was alerted to the attack on 11 October, and it confirmed that it hasn’t detected any additional criminal activity on its systems since 12 October.

“We recognise the significant impact the cyber crime event has had on our customers. We will continue to support them through our Cyber Response Support Program, which includes mental health and wellbeing support, identity protection, and financial hardship measures,” said David Koczkar, CEO at Medibank.

“There is more work to do, and the lessons we have learnt from the cyber crime will continue to shape our response and we will emerge stronger.”

Since the attack, the company said it has implemented greater security controls, including ensuring its firewall authentication is fully configured across its entire network.

It has also improved its network monitoring and added further detection and forensics capabilities to help defend against the 18 million perimeter attacks it experiences every day.

An unknown hacker targeted Medibank in October 2022 and threatened to release stolen data unless the company paid a ransom.

Data belonging to 9.7 million former and current customers was exposed, which was believed to include information like health claims data and passport numbers. At the time, the company thought the hack could set it back by $25-$35 million, especially since it didn’t have cyber insurance.

Medibank delivered its most detailed account of the 2022 attack in its half-year earnings report released on Thursday.

It reported a gross profit of $233.3 million, an increase of 5.9% compared to the previous half-year. Over the past year, the company has gained around 35,000 customers, despite losing 13,000 clients following the attack in the second half of 2022.
