Gov invokes emergency coordination as Medibank breach worsens

The government has invoked a Covid-era response mechanism, bringing together federal, state and territory agencies to coordinate on the worsening Medibank data breach.

Minister for cyber security Clare O'Neil said the national coordination mechanism (NCM) was activated on Saturday.

The activation came as Medibank announced that the attackers who breached its ahm and international student systems had provided a file which demonstrated compromise of customer records under its main brand as well.

Since yesterday's announcement, Medibank has announced that the data breach affects personal data and "significant amounts of health claims data" of all ahm, international student, and Medibank customers.

“Given the sensitive nature of the data, on Saturday I activated the national coordination mechanism to bring together agencies across the federal government, states and territories to ensure that all possible support is being provided to Medibank and all those uniquely vulnerable Australians affected by this incident," O'Neil said.

The NCM “brings together all relevant departments, agencies, and other stakeholders to share information and coordinate an appropriate response.”

Medibank announced a support package for those affected by its widening data breach.

This includes individualised hardship packages, access to a mental health and wellbeing support line, access to IDCARE identity protection services, free identity monitoring, and reimbursement of fees for customers who need to replace identity documents.

In its full year 2022-2023 outlook update to the Australian Securities Exchange [PDF], Medibank said it did not have cyber insurance.

"Based on our current actions in response to the cybercrime event, noting that Medibank does not have cyber insurance, we currently estimate $25 million-$35 million pre-tax non-recurring costs will impact earnings in 1H23. These non-recurring costs do not include further potential customer and other remediation, regulatory or litigation related costs," the filing said.