Shares in Australia’s Medibank drop despite foiling ransomware attack

Shares in Medibank, an Australian health insurance business with more than 3 million customers, dropped despite the company announcing on Monday that an attempted ransomware attack it stopped last week had not impacted business.

In an updated statement, the company said its systems had caught “unusual activity consistent with the precursors to a ransomware event” and that it had isolated the affected systems as a precautionary action.

The company stressed this “was done out of an abundance of caution” and that customer data did not appear to have been stolen. It added that normal business operations had now resumed.

“Medibank systems were not encrypted by ransomware during this incident and there is no indication that the incident was caused by a state-based threat actor,” the statement added.

The company, which is publicly listed on the Australian Securities Exchange, added that its business was tracking in line with its financial forecast for the next year, and did not expect the attack “to impact this momentum.” However, its shares dropped nearly 5% after trading resumed on Monday before recovering to around a 3.4% loss.

The reasons for the drop are unclear. Although it’s common for share prices to drop when adverse news is reported to investors, market confidence in company statements may also have been challenged in Australia by a security incident affecting Optus, the country’s second-largest telecommunications company, which was initially described as a “sophisticated attack.”

This framing prompted significant criticism of Optus, including from Australia’s minister for Home Affairs and Cybersecurity, Clare O’Neil, who said the incident was “quite a basic hack.”

Reports suggest the Optus data was actually stolen via an unsecured API (application programming interface) that allowed anyone who could find it to iterate through phone numbers and collect customer data.

The Optus incident, which may have impacted 10 million people, is now being investigated by Australia's Information Commissioner, responsible for upholding data protection law, and its Communications and Media Authority, and the company could face regulatory action.

Medibank’s chief executive David Koczkar said the company was sorry the incident occurred and that Medibank understands its initial announcement may have caused some concern and inconvenience for customers.

“We take the protection of our customers’ data very seriously and ongoing investigations continue to show no evidence customer data has been removed from our network. We will provide updates if the situation changes,” he added.

Medibank, which was government-owned before being privatized as a not-for-profit in 2014, has around 3.7 million customers in Australia and reported an annual group revenue of AUS $6.9 billion in 2021 ($4.33 billion USD).

The company said it has been working with the Australian Cyber Security Center alongside regulators and government departments as part of its response.

“We will also share technical information with peers across the industry as part of our commitment to helping others understand how this incident transpired and to allow our industry peers to bolster their own defenses,” Koczkar added.

Alexander Martin is the UK Editor for Recorded Future News. He was previously a technology reporter for Sky News and is also a fellow at the European Cyber Conflict Research Initiative.