Australia’s Medibank reports cyber incident, shares on trading halt

Australian health insurer Medibank Private said on Thursday it would isolate and remove access to some customer-facing systems as it detected unusual activity on its network.

The company said it took “immediate steps to contain the incident, and engaged specialized cybersecurity firms”, adding that there was no evidence that any sensitive data, including customer data, had been accessed at this stage.

The incident follows a breach late last month at Optus, Australia’s second-largest telecoms provider, which compromised data of up to 10 million customers and triggered an overhaul of consumer privacy rules to facilitate targeted data sharing between telecommunication firms and banks.

Medibank said on Thursday the isolation of several customer-facing systems would reduce the likelihood of damage to systems or data loss.

“As a result our AHM (Australian Health Management) and international student policy management systems have been taken offline. We expect these systems to be offline for most of the day,” the health insurer said in a statement.

The company, however, said its health services continue to be available to its customers, which “includes their ability to access their health providers, as we work through this incident.”

Medibank shares had entered a trading halt pending the announcement of the cyber incident, and the health insurer confirmed it would remain closed for trading as it investigates the incident.