When we told you about the Medibank Cyber Attack there was no evidence that customer information had been accessed by the alleged hackers. Today, things look much different with Medibank reporting to their customers that there may be a much bigger concern.

The Sydney Morning Herald reports that Medibank is now the subject of a ransom demand from an unnamed group claiming they have accessed a vast amount of personal data.

The claim, sighted by the SMH, makes it clear they plan to use the data for their own benefit.

“We offer to start negotiations in another case we will start realizing our ideas like 1. Selling your Database to third parties 2. But before this we will take 1k most media persons from your database (criteria is: most followers, politicians, actors, bloggers, LGBT activists, drug addictive people, etc) Also we’ve found people with very interesting diagnoses. And we’ll email them their information.”

Acting quickly to update their customers, Medibank said in an email overnight that “Earlier today, we received messages from a group who claim to have removed customer data. We are working urgently to establish if the claim is true, although based on our ongoing forensic investigation we are treating the matter seriously at this time.”

The last line of that is alarming, given Medibank say they have a forensic investigation AND are treating this claim seriously. That indicates some level of concern that the claims are real.

UPDATE: Medicare has confirmed the criminal seeking a ransom does indeed have legitimate customer data

Medibank systems are not affected, but with personal health, diagnosis and treatment information potentially in the hands of bad actors, this will be worrying for individuals.

How is this different to the Optus Attack?

Firstly, the scale is different, though still enormous. Potentially almost 4 million users’ data is involved. That includes the sub-brand AHM.

Secondly, it’s unlikely to result in identity fraud as easily, because it may not include personal IDs, but the risk is that your personal medical history could be shared online or used against you.

How do we know the ransom claim is real?

We won’t, at least until the AFP or Medibank confirm such. We have to assume right now it is, but it shouldn’t take long for Medibank to confirm if data was extracted from their network.

For now – assume it is.

UPDATE: Medicare has confirmed the criminal seeking a ransom does indeed have legitimate customer data

What can the hacker do with my medical information?

Do you want people knowing what treatments you’ve had? What medical conditions you have? What medicines you take?

Probably not. So the most likely outcome here is that the information is used against you in a scam.

What might a scam look like?

The biggest and most immediate risk is ransom. Given it’s utterly unlikely that Medibank will pay the ransom asked of them, if hackers really do have your information they will come to you for money.

Imagine getting an email saying “Hi Trevor, we obtained your personal medical information by hacking Medibank. We know you have six fillings and two crowns from your dental record, and your last visit was on March 21, unless you want this and all other medical information made public – you will pay us $1,500 by the end of the day via bitcoin”

Some of us will shrug it off – ok, so I’ve had some issues with my teeth. But others might have stints in rehab, addictions, private medical conditions they’ve not shared even with their friends and this demand will shock them, and they may consider paying.

Bottom line, don’t. You can’t trust a scammer. Pay them, and they will ask for more money.

Additionally, there’s a risk of phishing scams too. You might get emails from “Medibank” that look almost identical to those you’ve gotten from Medibank in recent days. But they will say “to protect our systems and your information you can opt out of data retention and have your medical history deleted, click here to initiate that process”. Many will do that.


The ONLY link Medibank is sending in their emails is to their own website. And frankly, don’t click that. Close your email, open a browser and go direct to the Medibank website.

How can I trust emails I receive from Medibank?

If a hacker has your information, you can’t.

Take any email as information only, and if there is a call to action, or a concern over anything in the email, call Medibank or visit their website information page.

Don’t click links within an email.

How can I protect myself?

Vigilance: be alert to all emails and SMS messages you receive that mention Medibank or contain a call to action about your personal details.

Protection: install security protection on your phone and computer. This is not about getting a “virus”; this is about protecting you from clicking links or visiting websites that are malicious. Software like our sponsor Trend Micro, installed on your iPhone, Android phone, tablet and computer, will prevent you from visiting malicious websites. It’s that simple.