Australia’s No. 1 health insurer says hacker stole patient details

(Reuters) – Australia’s biggest health insurer said on Thursday a criminal had apparently stolen customers’ medical information as part of a massive breach of data, fueling concern about a wave of high-profile cyberattacks.

Medibank Private Ltd., which covers one-sixth of Australians, said an unidentified person had shown the company stolen personal information of 100 customers, including medical diagnoses and procedures, as part of a theft of 200 gigabytes of data, first disclosed by the company a week earlier.

The company did not say how many of its 4 million customers were likely to have been affected but warned the number was likely to rise. The Australian Federal Police said they had opened an investigation into the breach, without commenting further.

The disclosure adds a new layer of angst to a wave of cyberattacks on Australia’s biggest firms since No. 2 telco Optus, owned by Singapore Telecommunications Ltd., revealed a month ago that data of up to 10 million customers may have been stolen.

Until now, most public commentary has focused on the risk that hackers would use stolen data to access bank accounts. The Sydney Morning Herald reported that it obtained a message from a person claiming to be the Medibank hacker threatening to publish medical records of high-profile individuals unless the person were paid.

“What we have here is ... health care information and that just on its own being made public can cause immense harm to Australians and that’s why we are so engaged with this,” Cybersecurity Minister Clare O'Neill told the Australian Broadcasting Corp.