Medibank was targeted using stolen login credentials that gave the threat actors a way into its network and allowed them to steal customer records. Medibank is in conversation with the threat actors while the Australian Federal Police investigate the matter, and the fate of its customers hangs in the balance. Here is everything about the Medibank hack: how the cyberattack took place, what Medibank is doing and offering its customers, what Medibank's future might be, and why cyber insurance and cybersecurity protection are essential for organizations.

This cybersecurity month is turning out to be an absolute menace, with cybercriminals striking from all sides and bringing enterprises down in multiple cases. One such story making headlines worldwide is the Medibank data breach, in which the data of the organization's entire clientele has been exposed, putting personal and health information at risk. Medibank is engaged in conversations with the threat actor, who is demanding a ransom for the stolen records, while Australia's watchdogs investigate the cyberattack thoroughly. Let us look at how the cyberattack took place, the Medibank data breach at a glance, where the organization stands, and what is yet to come.

Medibank Hack and Data Breach

Medibank revealed that its customer records were hacked, affecting a significant portion of its clientele. When the hack was first discovered, Medibank estimated that the cyberattack was limited and that nearly 1000 records were exposed. However, Medibank now believes the hack has a broader reach and has established that the threat actor had access to international student customer data and health claims information. All of its 3.9 million customers could be at significant risk, including current and former customers, since state and territory health record laws require Medibank to retain the information for seven years.

The personal data exposed includes full names, residential addresses, Medicare card information, and genders, opening the affected individuals up to impersonation and spear-phishing campaigns. Furthermore, such data could be sold on the dark web to multiple threat actors, who could carry out malicious activities and commit fraud. The stolen data also includes health information such as customer claim codes.

How did the Medibank Attack Happen?

The attack on Medibank started when a threat actor with access to high-level login credentials for Medibank's systems posted them for sale on a Russian cybercriminal forum. The credentials were purchased by another threat actor, who used them to enter Medibank's systems, infiltrate the organizational network, and establish two backdoors.

The rest is speculation at this point, since Medibank has not released a detailed account of the attack. Still, the prevailing view is that the threat actor thoroughly examined Medibank's network and applications before deploying a tool to exfiltrate customer records from Medibank's database as a zip file.

Medibank detected the suspicious activity and deployed countermeasures, closing the backdoors. The attack on Medibank is under investigation by the organization, the Australian Federal Police, and the Australian Signals Directorate. Fergus Hanson, Director of the Australian Strategic Policy Institute's International Cyber Policy Centre, corroborated the account of stolen credentials being sold and bought. When asked whether organizations are prepared for such hacks, Hanson said that this was a preventable attack and that "maybe" the organization could have done better. He finished with, "Is every organization gripped up to deal with this? Well, absolutely not. Medibank is in a really privileged position, handling people's healthcare data, so I think there is a genuine case to answer there."

Medibank’s Financial Losses: What will Medibank Provide its Customers?

Medibank has announced that it will provide a financial support package to ease the hardship suffered by customers who are in a "uniquely vulnerable position" following the cyberattack. Medibank has also confirmed that it will reimburse the costs of ID re-issuance for clients affected by the hack.

Taking all this into account, Medibank has stated that the incident will cost it AUD 25–35 million, since the organization did not hold cyber insurance. The estimate does not include the compensation that Medibank will provide its customers, nor the regulatory fines and legal fees associated with the cyberattack.

Medibank has also announced that all premium increases will be delayed until the end of January 2023, a decision that will offset Medibank's Covid-19 savings and cost nearly $62 million.

Medibank’s Current Position

Medibank is still communicating with the threat actor behind the attack. The threat actor was able to hack the health insurer after obtaining genuine Medibank credentials from a fellow cybercriminal on a Russian cybercriminal forum. The hacker has demanded a ransom from Medibank in exchange for the records. However, the organization has not commented on whether it is considering, or willing, to pay the ransom demand.

John Goodall, Head of Technology and Operations at Medibank, revealed that the organization has deployed network monitoring tools following the attack. The tools run round the clock and indicate that the threat actor is no longer present in the organization's systems, removing the risk of a persistent attack. Customers, on the other hand, might not be safe from the consequences of the cyberattack just yet.

David Koczkar, Chief Executive at Medibank, said there is no evidence of any exposed credit card information. He added, “But I will be very clear to say we are continuing to investigate. And as soon as it becomes clear to us if that changes, we will make it clear.”

Most of these comments are based on information that Medibank has obtained through its communications with the threat actor. Koczkar also apologized to Medibank customers, noting that the cyberattack was designed to maximize the harm to the community's "most vulnerable members."

What Will Happen to Medibank?

Reports circulating suggest that high-level staff credentials were used to access Medibank's network and that they may have belonged to a superuser or senior position holder. With the Australian authorities joining the investigation, Medibank dealing with the threat actor, and a divided customer base, the conclusion is still pending. Some customers want the probe to clarify exactly what data was lost so that they know where their security stands. Others are looking to benefit from the promised services and claim reimbursements.

Regardless, it is clear that compromised login credentials led to this significant hack. Organizations could avoid such a scenario, as login credentials can be protected and organizational networks secured by enforcing password policies. Furthermore, the attack raises the question of whether Medibank had MFA (Multi-Factor Authentication) in place, since the threat actor was able to enter the network quickly with the login credentials alone.

Organizations should learn from Medibank's mistakes and enforce strong password policies backed by MFA for additional security. Furthermore, investing in cyber insurance is a crucial step that Medibank skipped, one that could have saved the organization from losses running into the millions.

Final Words

Cybercrime is escalating quickly, and Medibank's case has shown how something as simple as a stolen credential can compromise the safety of nearly 4 million individuals and send an organization into a spiral of financial losses.

Between remedial measures, the benefits provided to affected clients, and regulatory lawsuits and fines, it is clear that the immediate future of the health insurer is a dark one, and the combination of reputational damage, lost customer trust, and financial losses could potentially spell the end of Medibank. Organizations are advised to invest in adequate cybersecurity measures and staff education to ensure that all endpoints are protected at all times.

In the meantime, what will become of Medibank, and whether its clients will be safe from the consequences of the hack, is a question that only time will answer.