Case Study: Medibank Data Breach


Industry: Health Insurance Provider

About Medibank:

Medibank is a dedicated health company committed to creating “Better Health for Better Lives.” With a legacy spanning 47 years as one of Australia’s leading health insurers, Medibank and its subsidiary brand, ahm, passionately support millions of customers across the nation on their journey to managing their health and wellbeing.

How did the data breach occur?

Although the details of how the attackers entered the system have not yet been made public, we presume that the Medibank data breach was made possible by hackers using phishing to acquire the internal credentials of an employee who was authorized to access the insurance provider’s systems. Ransomware, too, is frequently the attack method hackers use to execute a data breach; the bulk of the cyberattacks we have seen over the years have had ransomware infection as one of their primary objectives.

What was the impact of the data breach as a whole?

The effects on Medibank were severe, ranging from the loss of past and present customer data to an 18% decline in its share price. Although Medibank was not the only recent victim of ransomware, the impact was significant because it also tarnished the company’s reputation.

Hacking confirmation breakthrough on the news

Unexplained behaviour was observed on the company’s network on October 13, 2022, followed by a statement from Medibank that it was investigating the abnormal activity and determining its source. Despite these efforts, no signs of a breach were found at that stage. On October 19, however, a group of hackers contacted the company, claiming to have stolen 200 GB of private customer information, and began discussing the terms under which they would hand the data over to the dark web. The very next day the business admitted that the hackers’ shocking claim to have stolen 200 GB of client data was not a lie.

What data was compromised?

The severity of the data breach was revealed on November 7th, along with the acknowledgement that the confidential data of 9.7 million current and former customers had been exposed. News outlets then reported that Medibank would not be paying the ransom demanded by the hacker group REvil. This ransomware group is supported by a Russian website, and it posted a file on the dark web called “Abortion” that described miscarriages, abortions, and pregnancy complications. The group also released two files titled “Good List” and “Naughty List.” Although the event was made public, what is known about the contents comes from the “Naughty List,” which contained private information on matters such as drug use, mental illness, HIV treatment, and eating disorders.

Law-enforcement taking action

The hackers put Medibank under siege by posting a file called “Abortion” on the dark web and threatening to publish more private data if they were not paid 10 million US dollars. The Australian Federal Police (AFP) relaunched Operation Guardian, first set up in response to the Optus security breach, to address the Medibank data leak. As part of their criminal probe, the AFP and Interpol soon identified a link between the operation and the hacking collective REvil.

Stock price dropped

Apart from the financial and reputational damage following the compromise of 9.7 million records, Medibank also saw a sharp decline in its share price as news of the intrusion into the company’s network became public. The share price fell from AUD 3.51 to AUD 2.87, a reduction of 18% since October 19th.

What is the usual pattern of incidents like the Medibank Data Breach?

Like the Medibank incident, data breaches feature frequently in recent news headlines, and we are all aware of the consequences of subpar cybersecurity strategies. However, neither the general public nor the workforce is taught how data breaches happen or the extent of the long-term harm they can do.

After the data is stolen, the hackers make a demand of the victim company, threatening that if the ransom is not paid the information will be published on the dark web or in other shady places where it can be obtained and misused. In light of this, it is essential to exercise prudence and inform the public as soon as possible.

How to prevent data breaches?

There is always an answer to every issue. Most data breaches follow a similar pattern that begins with human error and a lack of awareness: the hacker breaks in and copies the system to reach the important files. However, if we take care of our security by putting some fundamental habits and awareness into practice, we can reduce the risk of being breached or hacked. Let’s discuss some easy habits we can develop to protect our privacy.

Enable Two-factor authentication

Just as you apply sunscreen after moisturizer to protect your skin from UV rays before stepping outside, two-factor authentication is an additional layer of protection that comes after creating a strong, unique password for your account. Its primary function is to authorize access to the account only after validation of a one-time password (OTP) sent to the associated email address or phone number.

Use strong and unique passwords and keep changing them routinely

Being cautious is a good thing, but a very strong password that is changed frequently builds a strong defensive wall against cyber hackers, making it difficult or impossible for them to crack.

Be vigilant at all times

Knowledge is essential because it helps individuals prepare for the unexpected; otherwise, how would they handle the situation when it arises? Use actual incidents as lessons, and train your staff to recognize a phishing scam and act on it immediately. Along with awareness, the right tools are necessary. For example, EmailRemediator helps spread awareness of potential scams by surfacing suspicious emails found in other employees’ mailboxes. If a particular email server has been reported from multiple accounts, EmailRemediator sends a red alert to the entire organization and the server is immediately blocked.
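The "reported from multiple accounts, then alert and block" logic described above, modelled as an added example; this is not EmailRemediator's code, and the report format, the threshold of three distinct reporters and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class PhishReport:
    """One user-submitted phishing report (constructed format, not a real product's)."""
    reporter: str        # mailbox that flagged the message
    sending_server: str  # server the message was received from
    message_id: str


REPORT_THRESHOLD = 3  # distinct reporters before an org-wide alert (assumed value)


def reporters_by_server(reports):
    """Group the distinct reporting mailboxes by sending server.

    Server names and mailboxes are lower-cased so that case differences do
    not split one server into several buckets, and a mailbox that reports
    the same server twice is counted once, so a single user cannot push a
    server over the threshold alone.
    """
    seen = defaultdict(set)
    for r in reports:
        seen[r.sending_server.lower()].add(r.reporter.lower())
    return seen


def servers_to_block(reports, threshold=REPORT_THRESHOLD):
    """Return the servers reported by at least `threshold` distinct mailboxes."""
    grouped = reporters_by_server(reports)
    return sorted(s for s, who in grouped.items() if len(who) >= threshold)


def build_alerts(reports, threshold=REPORT_THRESHOLD):
    """Produce the org-wide alert lines for every server that crosses the threshold."""
    grouped = reporters_by_server(reports)
    return [f"RED ALERT: blocking {s} (reported by {len(grouped[s])} mailboxes)"
            for s in servers_to_block(reports, threshold)]


SAMPLE_REPORTS = [  # constructed sample input
    PhishReport("alice@example.test", "mail.bad-sender.test", "<m1>"),
    PhishReport("bob@example.test", "mail.bad-sender.test", "<m2>"),
    PhishReport("bob@example.test", "mail.bad-sender.test", "<m3>"),    # same reporter again
    PhishReport("carol@example.test", "MAIL.bad-sender.test", "<m4>"),  # case differs
    PhishReport("dave@example.test", "mail.other.test", "<m5>"),        # only one report
]

if __name__ == "__main__":
    for line in build_alerts(SAMPLE_REPORTS):
        print(line)
```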

Use reliable antivirus software

In addition to keeping your cybersecurity up to date, it is crucial to run reliable anti-virus software that reduces the risk of malware on your system. By comparing code found on the system against a database of known signatures, it can quickly identify and remove any viruses already present. The signatures contain specific information, and the anti-virus software treats a file as malware if its code matches the signature of a known malware sample.

Never share your PII online

Your Social Security number, address, financial and medical records, and other personally identifiable information are all examples of PII. These are private details, and only necessary disclosures should be made. Sharing this information on the internet can make you vulnerable to identity theft, fraud, and other malicious activities. Along with protecting PII, avoiding data breaches necessitates maintaining the privacy of your business and your employees’ credentials.

Regularly backup your data

Keeping a backup of your private information is essential for protection against hardware failure, malware infection, and even natural catastrophes. If you always have a backup of your confidential data on hand, the chances of losing it are reduced.

Provide security training to employees and have firm security measures

It is crucial to train your workforce to spot phishing attempts and take appropriate legal action. Strong security measures, together with regular checks that the procedures are actually being followed, are essential.


Every time a data breach occurs the victims suffer a great deal, but cyber security is gradually improving to counter sophisticated social engineering such as phishing, as well as data leaks, ransomware and malware attacks. Law enforcement is increasingly stern towards online fraudsters, whether the offence is a minor phishing attack or a ransom demand. The only strategy we have to combat situations like the Medibank data breach is a thorough grasp of cybersecurity, appropriate training of our workforce and clients, and the right protection tools in place.