“I can’t believe I’m saying this but it might be one of those cases where it might be better if the ransom was paid,” Buckland said.
The insurer’s response to the cyber attack will cost anything up to $35 million but potential lawsuits and penalties could blow the figure out.
It comes as Medibank revealed this morning all four million of its customer’s personal and sensitive health data has been accessed by hackers.
“Our investigation has now established that the criminal had access to all ahm customers’ personal data and significant amounts of health claims data; all international student customers’ personal data and significant amounts of health claims data; all Medibank customers’ personal data and significant amounts of health claims data,” Medibank said in a statement.
“As a result, we expect that the number of affected customers could grow substantially.”
Medibank said its IT systems had not been encrypted by ransomware yet, and customers could continue to access health services.
Support for affected customers includes individual “hardship packages” for customers left in a “uniquely vulnerable” decision, free identity monitoring for customers who have had their identity compromised, and free re-issues of compromised documents.
“Australians who are struggling with mental health conditions, drug and alcohol addiction, with diseases that carry some shame or embarrassment, they are entitled to keep that information private and confidential,” she said.
“For a cybercriminal to hang this over the heads of Australians is a dog act. It is scum of the earth, lowest of the low territory.”
The AFP is continuing to investigate the incident.
A gloating message read “we went public early… we engaged with government quickly… we listened, we learned and we responded in real time”.
Scam text fools drivers into thinking they have missed paying a toll