Medibank faces new year billing due to hacker attacks

“If the Commissioner believes there is sufficient public interest in an incident, the Commissioner may release an investigative report,” the OAIC said.

The law firm of Maurice Blackburn filed a representative complaint with the OAIC on the morning of the Commission’s announcement of the investigation. The company alleges that Medibank failed to meet its obligations because it failed to take steps to protect its customers’ personal information, and that any adverse findings by the OAIC would increase the prospects of compensation.

“We believe our processes have been robust, although clearly not robust enough under the circumstances.”

Mike Wilkins, Chairman of Medibank Private

Bloomberg Intelligence estimates a compensation claim could easily reach $700 million.

The criminals accessed basic account information for 9.7 million current and former Medibank customers, as well as health insurance information for approximately 160,000 Medibank customers, 300,000 budget ahm customers and 20,000 international customers.

Greg Austin, a cybersecurity expert at geopolitical think tank International Institute for Strategic Studies (IISS), says guilt should be an issue for Medibank — as its chairman, Mike Wilkins, inadvertently admitted at its annual meeting in November.

“We believe our processes have been robust, although clearly not robust enough under the circumstances,” Wilkins told investors.

Mike Wilkins, Chairman of Medibank: The insurer's board and management are awaiting the results of reports examining how the hacking could have happened under their supervision.

Mike Wilkins, Chairman of Medibank: The insurer’s board and management are awaiting the results of reports examining how the hacking could have happened under their supervision.Credit:Luis Enrique Ascui

For example, Austin was surprised that compromised access to an individual’s work records at Medibank resulted in access to the entire database, including employee records.

“Nobody in a bank can access all of the bank’s customer data using their access data. It’s all compartmentalized,” he said.

“What seems to be the case with Medibank is that they got everything because there was someone in the organization who had the administrative authority to get everything.”

Financial Impact

The financial impact appears to be reflected in the private health insurer’s stock price — with Medibank’s market valuation having lost nearly $2 billion since the incident broke. And investors shouldn’t expect a quick recovery either.

Glenn Withers, an economics professor at ANU, has helped develop a study on the impact of stock market cyber incidents on the stock market benchmark S&P500, which includes some of the largest US companies.

“What we found is that (cyber incidents) have a very serious impact,” he said. And the negativity doesn’t go away once a fix is ​​made.

“Most of them are in the range of about 5 to 15 percent loss in stock market valuation in the first year to two years after a major cybersecurity event,” he said.

Loading

However, he cautioned that serious cyber breaches can require many organizational upheavals before the victim can recover.

“What we can also say is where the (cyber) effect is big, a company often bounces back through takeover and management renewal. You have to rebuild a company that has been hit the hardest to get back on track.”

He considers this to be the case with Medibank.

“I would have thought that in this case a very extensive renewal would be required,” he said. “It’s not going to be a short-term fix at all.”

The Business Briefing newsletter delivers important stories, exclusive coverage and expert opinions. Sign up to receive it every weekday morning.

https://www.smh.com.au/business/companies/medibank-faces-new-year-reckoning-over-hack-attacks-20221202-p5c35z.html?ref=rss&utm_medium=rss&utm_source=rss_business Medibank faces new year billing due to hacker attacks

Brian Lowry

InternetCloning is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – admin@internetcloning.com. The content will be deleted within 24 hours.

Related Articles

Back to top button