The government has invoked a Covid-era response mechanism, bringing together federal, state and territory agencies to coordinate on the worsening Medibank data breach.
Minister for cyber security Clare O'Neil said the national coordination mechanism (NCM) was activated on Saturday.The activation came as Medibank announced that the attackers who breached its ahm and international student systems had provided a file which demonstrated compromise of customer records under its main brand as well.
“What we can see is that Medibank is just as complex and urgent as some of what was dealt with [during the pandemic],” O’Neil said on Tuesday. “When it comes to the personal health information of Australians, the damage here is potentially irreparable”.
The stolen data is from current and former customers and includes names, addresses, birthdates, Medicare numbers, contact information and claims data from the private health insurer. The list of Medibank customers affected potentially includes high-profile Australians.
“Australians who are struggling with mental health conditions, drug and alcohol addiction, with diseases that carry some shame or embarrassment – they are entitled to keep that information private and confidential,” O’Neil said in parliament.
Senator James Paterson, the shadow minister for cybersecurity, criticised the government for a slow response to the attacks and said that despite the company’s initial denials customers’ worst fears have now been realised.
“After a slow and confused response to the Optus cyberattack, it is concerning that it took Cybersecurity Minister Clare O’Neil a week to publicly respond to the Medibank hack,” he said.