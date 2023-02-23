Medibank reveals attack vector and cost of 2022 security breach

By on
Medibank reveals attack vector and cost of 2022 security breach

Expected to surpass $40 million this year.

Medibank is going to take a $26 million half-year hit as the result of its 2022 security breach, and this is expected to climb to between $40 million and $45 million over the full year.

The insurer has also gone public for the first time with technical detail of the attack.

In a half-year results announcement [pdf], Medibank said the attacker first obtained the user ID and password used by a third-party IT services contractor.

A misconfigured firewall allowed the attacker to bypass the need to present “an additional digital security certificate” to access its systems, using those credentials.

“The criminal was able to obtain further usernames and passwords to gain access to a number of Medibank’s systems and their access was not contained," Medibank stated.

The attack triggered a security alert on October 11, and Medibank said there was no further access after October 12.

“In December, we completed operation safeguard, which saw us take our systems offline” to strengthen security, CEO David Koczkar said.

The insurer has also ensured that all of its firewalls are securely configured.

“We now defend more than 18 million perimeter attacks a day”, he said.

“We will continue to strengthen our security environment.”

Both internal and third-party security monitoring have been scaled up, Koczkar said.

Data management will also be re-examined, he said, especially in the light of revisions to the Privacy Act.

Koczkar said after the attack, Medibank lost 13,000 subscribers, but customer acquisition has begun to recover.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
medibanksecurity

Sponsored Whitepapers

2023 Tech Forecast: Build a recession-proof tech workforce
2023 Tech Forecast: Build a recession-proof tech workforce
Technology Skill Development | The strategy for building better teams
Technology Skill Development | The strategy for building better teams
Perspecitves on technology skill development
Perspecitves on technology skill development
State of Upskilling | 2022 Retrospective
State of Upskilling | 2022 Retrospective
Business Case for Upskilling
Business Case for Upskilling

Events

Most Read Articles

Vic gov to set up cyber defence centre and hubs

Vic gov to set up cyber defence centre and hubs
Gov to close long-running telco metadata loophole

Gov to close long-running telco metadata loophole
Bunnings and Kmart facial recognition probe set to finish by July

Bunnings and Kmart facial recognition probe set to finish by July
Microsoft patches three exploited zero-days

Microsoft patches three exploited zero-days

Digital Nation

Cover Story: The business of gaming will reshape marketing, technology
Cover Story: The business of gaming will reshape marketing, technology
Case study: How La Trobe University sets its data students up for success
Case study: How La Trobe University sets its data students up for success
Meta threatens to take news off its platform in the US. Yep, we're here again
Meta threatens to take news off its platform in the US. Yep, we're here again
Case study: Transurban uses automation to detect road incidents
Case study: Transurban uses automation to detect road incidents
Case Study: How HCF reengaged its customers through data and analytics
Case Study: How HCF reengaged its customers through data and analytics

Log In

  |  Forgot your password?