Medibank Detects Ransomware ‘Behind the Scenes’ Activity – Security

Medibank released details of the cyber incident last week, saying it detected precursor activity consistent with a ransomware attack.

CEO David Koczkar said no customer data was captured and the insurer has since brought its customer-facing systems back online.how much it cost take the system offline immediately After the surveillance system detects “unusual activity”.

“Although we have contained the ransomware threat, we remain vigilant and will continue to take necessary steps to protect our operations and customer data,” said Koczkar.

In a brief chronology of events, Medibank said it first detected “unusual activity” on its servers last Wednesday, and its cybersecurity team, with the help of partners, began responding to the incident.

“Later that night, we identified unusual activity centered on the IT infrastructure we use to support our ahm and international student customer policy management systems.”

Medibank decided to temporarily block access to the two systems and isolate them, halting trading while the activity was investigated, Koczkar said.

Our customer-facing systems were “restored to the new IT infrastructure” and by last Friday we were back to business as usual.

He added that Medibank began contacting customers via email and text on Thursday and providing them with information about the incident.

In response to questions from investors, Koczkar said Medibank was aware of how the attackers gained access to its systems.

“We believe… one [set] A number of our credentials were compromised and we are investigating what exactly happened,” he said.

“We have taken all necessary steps to address this.”

He said he found no evidence of access to customer data, but that “it is subject to ongoing forensic analysis.”

He said Medibank was “very happy with how we’re sitting in terms of our ability to respond to cyber incidents,” but said the incident would lead to “some learnings.” rice field.

Koczkar said he did not anticipate significant costs related to the case.

He said, “We would like to thank the Australian Cyber ​​Security Center (ACSC), regulators and government departments for their contributions and support in our response and for working with us so effectively.”

“We will also share technical information with our colleagues as part of our efforts to help others understand this incident and strengthen their own defenses.

Mr. Koczkar also thanked the customer for his patience.