Medibank’s Expenditure After Cyber Attack Reaches $46.4 Million, With $22 Million Spent on Administrative Costs Alone
In a detailed breakdown of its expenditures over the past year, Medibank has unveiled the significant financial toll of the cyber attack it endured in October. According to the health insurer’s 2023 annual report, they allocated a total of $46.4 million to address the aftermath of the breach, with nearly half of this amount, specifically $22 million, dedicated to administrative expenses. This was followed by $15.6 million in employee benefits, $7.5 million in technological costs, and $1.2 million in marketing.
Medibank anticipates that this financial burden will persist into the next fiscal year, with an estimated additional expenditure ranging from $30 million to $35 million. This projection encompasses further investments in IT security enhancements and expenses related to regulatory investigations and potential legal actions. It’s important to note that these projections do not include any potential financial consequences stemming from ongoing investigations or litigation outcomes.
In their report, Medibank highlights their commitment to assisting customers in navigating the cyber attack and its repercussions as a top priority. The insurer notes that a significant portion of their customer interactions, approximately 85%, occur through digital channels. To support their clientele, Medibank has already implemented several measures, including extended contact centre hours, an expansion of their support team by 300 additional personnel, and a renewed focus on phone contact and messaging channels.
From a cybersecurity perspective, Medibank has introduced two-factor authentication for customers engaging with their contact centre, demonstrating their ongoing commitment to strengthening security measures.
Medibank’s CEO, David Koczkar, emphasised their dedication to rebuilding customer trust and expressed gratitude to shareholders for their unwavering support. Despite the challenges posed by the cybercrime incident, Medibank has seen a resurgence in momentum.
The cyber attack on Medibank occurred in October 2022 and resulted in the theft of data belonging to 9.7 million customers, both current and former, across its Medibank, ahm health insurance, and My Home Hospital services. The attack was attributed to the Russian-backed cyber group REvil, which claimed to have stolen 200GB of data after obtaining access through a third-party provider.
Company Chair Mike Wilkins AO acknowledged the difficulties faced by Medibank during the 2023 financial year, characterised by the cybercrime event and a challenging economic environment. Despite these challenges, the company demonstrated resilience and a customer-centric focus, ultimately delivering a solid financial result for the year.