Medibank, which covers one-sixth of Australians, said the estimated cost did not include further potential remediation or regulatory expenses. The company reiterated that its IT systems had not been encrypted by ransomware to date and that it would continue to monitor for any further suspicious activity. “Everywhere we have identified a breach, it is now closed,” John Goodall, Medibank’s top technology executive, told an analyst call on Wednesday.
“Our investigation has now established that this criminal has accessed all our private health insurance customers’ personal data and significant amounts of their health claims data,” chief executive David Koczkar said in a statement. “I apologize unreservedly to our customers. This is a terrible crime — this is a crime designed to cause maximum harm to the most vulnerable members of our community.”