One of Australia’s biggest private health insurers has taken systems offline following a possible cyberattack, just weeks after a major telecom company was caught up in one of the country’s worst data breaches.
Medibank Group said on Thursday it had engaged cybersecurity experts and taken steps to protect its systems after detecting “unusual activity on its network”.
The insurer, which has nearly four million customers in Australia, said it had yet to find evidence that sensitive data had been accessed in the incident.
“As part of our response to this incident, Medibank will be isolating and removing access to some customer-facing systems to reduce the likelihood of damage to systems or data loss,” the company said in a statement.
Medibank CEO David Koczkar offered an apology and said the firm was “working around the clock” to understand the nature of the incident and how customers might be affected.
“Our highest priority is resolving this matter as transparently and quickly as possible,” Koczkar said.
“We will continue to take decisive action to protect Medibank Group customers and our people. We recognise the significant responsibility we have to the people who rely on us to look after their health and wellbeing and whose data we hold.”
The incident comes less than a month after Optus, Australia’s second-biggest telecom operator, announced that it had been targeted in a cyberattack that potentially compromised the personal data of up to 10 million subscribers.
Optus, which is owned by Singapore’s Singtel, could face millions of dollars in fines by Australian regulators over the data breach, which included customers’ names, dates of birth, phone numbers and passport numbers.
Last week, Singtel announced that another of its Australian units, IT consulting services firm Dialog, had experienced a cyberattack that potentially affected data belonging to 1,000 current and former employees and fewer than two dozen clients.