Medibank Private has confirmed it has received messages from a group wishing to negotiate with the company regarding their alleged removal of customer data.
The update comes less than a week after the company was hit by a cyber attack.
Medibank says it is working urgently to establish if the claim is true, but is treating the matter seriously. As a result of this, the health insurer has halted trading on the share market until further notice.
Medibank first reported "unusual activity" had been detected on its network on October 12.
However, the company said there was no evidence sensitive data, including customer information, had been accessed. The nature of the business means Medibank holds a range of personal information regarding its customers.
In a statement, the company said its systems had not been encrypted by ransomware, which meant usual activities for customers could continue.
"Our ongoing response to safeguard our networks and systems may cause necessary temporary disruptions to our services," the statement said.
"Investigations are ongoing and Medibank will continue to provide regular updates."
Medibank Private is working with specialised cybersecurity firms and has advised the Australian Cyber Security Centre.