Cybersecurity » Lessons From An Insurer’s Huge Data Breach

Lessons From An Insurer’s Huge Data Breach


Medibank, a huge Australian health insurance company, decided not to insure itself against cyberattacks. In hindsight, they should’ve known better. That’s one lesson to be drawn from the ongoing tale of the theft of data on 10 million current and former Medibank customers. There are others. The hackers spent a month or so rummaging around the personal affairs of the victims, then published a threat to release sensitive data, including detailed health information about both ordinary and notable people, and presented a demand for an unknown but very large ransom. Medibank has been roundly criticized for its slow response. It even made an announcement admitting to the breach, but saying it was unlikely that sensitive information was stolen (wrong). In an email exchange with the thieves, a company representative asks how they can be sure the hackers will delete the data if the ransom is paid. The hackers reply that they have a reputation to maintain, and “are interested in getting money, not destroying your company.” They didn’t bother mentioning that maintaining their reputation requires inflicting maximum pain if their demands aren’t met. When Medibank refused to pay (plan B?) the hackers proceeded to post what they’re calling “naughty” and “nice” lists of health records. The “naughty” list concerns people who’ve been treated for issues like addiction and eating disorders. The hackers claim they’ve only started releasing the stolen information. Lawsuits against Medibank are in the works. Estimates suggest that the company’s losses will be in the tens of millions of dollars. A final lesson – cyberattack insurance costs a lot, but it’s a bargain compared to having neither a plan nor an insurer.

Get our free daily newsletter

Subscribe for the latest news and business legal developments.

Read this next

Top 100 Litigator Sues Blue Cross Over His Cancer Treatment

In 2018, Robert Salim, 67, realized he was seriously ill. After numerous […]

Eight States Now Require Pay Transparency in Job Postings

Financial Industry Suing to Foil New Regulations

New rules aimed at lenders, investment funds, and other financial entities would […]

Regulatory Burden Factors Into AI Decision

GC Must Warn Boards Of AI Risks

There are companies investing hundreds of millions of dollars or more into […]

Scroll to Top