Media statement – Medibank cybercrime event and My Home Hospital

It has become clear overnight that the criminal has accessed patient information relating to My Home Hospital.

My Home Hospital is a service delivered by a joint venture between Calvary and Medibank on behalf of Wellbeing SA and the South Australian Government.

The data accessed includes personal information and some health data.

Medibank has begun directly contacting affected patients. Any patients admitted to My Home Hospital on or after 13 October 2022 have not been affected.

While Medibank has not yet determined if the data has been illegally taken from our system, we know it has been accessed.

We unreservedly apologise to our patients who have been the victims of this very serious crime.

We appreciate this will be distressing for patients.

This cybercrime event is subject to a criminal investigation by the Australian Federal Police and the Federal Government has activated the National Coordination Mechanism to bring together agencies across the Federal Government, states and territories.

Medibank has established a dedicated phone support service for My Home Hospital patients (My Home Hospital Cyber Response 1800 081 245).

Medibank has extended its cybercrime support package to My Home Hospital patients including:
• A hardship package to provide financial support for patients who are in a uniquely vulnerable position as a result of this crime, who will be supported on an individual basis
• Access to Medibank’s mental health and wellbeing support line for all patients (1800 644 325)
• Access to specialist identity protection advice and resources from IDCARE
• Free identity monitoring services for patients who have had their primary ID compromised
• Reimbursement of fees for re-issue of identity documents that have been fully compromised in this crime

What should patients do now

Medibank has begun contacting affected patients directly.

Medibank has a team ready to discuss this directly with patients and answer any questions.

Medibank encourages patients to:
• Review the latest advice of The Australian Cyber Security Centre (ACSC) at cyber.gov.au
• Review the Australian Government factsheet which has been developed for those impacted
• Visit the Medibank information page on the website for any updates
• Monitor the news on the Government’s Home Affairs website News (homeaffairs.gov.au)

It is important to remain vigilant with online security.

We recommend:
• Being alert for any phishing scams that may come to you by phone, post or email
• Being vigilant to verify any communications you receive to ensure they are legitimate and
• Not opening texts from unknown or suspicious numbers

ScamWatch has online resources that explain what these scams can look like. It can be found here: Protect yourself from scams | Scamwatch

We also recommend changing passwords regularly with ‘strong’ passwords and activating multi-factor authentication on any online accounts where that function is available. Patients should also monitor their bank and credit card accounts and call their banks if they have any concerns.

Patients should also be mindful of any scams pretending to be ‘myGov’ or any other government provider requesting them to click on a link to change their password. As always, we will never contact people asking them for their password or sensitive information