Medibank Cyber Incident
ALLISON LANGDON: Well, millions of Australians have had their fears confirmed – the cyber attack on Medibank putting their sensitive medical history at risk.
KARL STEFANOVIC: Cyber Security Minister Clare O’Neil has warned these relentless attacks are now the reality of the new world that we live in. And she joins us now from Melbourne. Clare, good morning to you. I think you’ve been really good on this, really strong. Are we any closer to resolving this one?
CLARE O’NEIL: Well, thank you, and good morning to your viewers. We’re still clarifying exactly what has occurred in Medibank. But I am very, very concerned about what’s happened here. Many of your viewers would remember we had a big hack at Optus several weeks ago, and that involved the revealing of personal and financial information. And financial crime is very important and very serious, but ultimately we can replace credit cards. The issue with Medibank is that the information at stake here is personal, private health information of Australian citizens. And this damage could be irreparable.
And if anything happens to put this into the public realm it will be an absolute dog act. And that’s why the Australian government has really muscled up here. We are weighing in very heavily to help Medibank with this situation, and I am very focused and occupied with this task.
ALLISON LANGDON: And just how serious is that threat, do you think? Because, I mean, you could be talking about people who may have drug or alcohol issues, mental health issues that they haven’t even told their close family and friends about that could be out in the public. How really do you think that threat is of that information being released?
CLARE O’NEIL: Yeah, so you’re absolutely right about the nature of the information. I mean, the problem with these cyber attacks, and this one in particular, is these are ordinary Australians who are probably – you know, don’t have particularly deep pockets, normal people who trust companies with their data and believe that something like health information is always going to be protected. And, you know, for people who’ve got, you know, sexually transmitted diseases, drug addiction, mental health issues, like, these are things we’re entitled to keep private. And that’s why I find these incidents so very concerning.
In terms of how real the threat is, well, I’m here on your show today because I’m worried about it. And what we’ve done is get the Australian Federal Police and the very smartest, toughest people across the Australian government – the best cyber security experts in the country – into Medibank to help them with this problem. In fact, we’ve actually agreed with Medibank to bring literally staff into their organisation to help them try to stop the really irreparable harm from coming from what has been a really bad cyber incident in the country.
KARL STEFANOVIC: Okay, but the horse has bolted, hasn’t it? I mean – and tell me, if you can, whether it was the same kind of breach with Medibank as it was with Optus and why weren’t we able to – was it a breach of the company not having enough security involved? I mean, do you know yet? Because surely to know that and to do something about it is the priority.
CLARE O’NEIL: Yep, so absolutely I think these facts are really, really important. We’re actually in the middle of a commission of a crime occurring at the moment, so I don’t want to get into the technical details of what’s happened. But what I do want your viewers to understand is that we are in a new world here, and cybercrime is not going anywhere. There was a meeting of INTERPOL, a kind of heads of all the police forces around the world this week in India, and they’ve actually said that cybercrime is their number one crime concern for the globe at the moment.
So these people are the bag snatchers and the armed robbers of the 21st century, and one of my jobs as Cyber Security Minister is to try to understand we are behind the 8-ball here, and I think that’s clear from what we’ve seen over the last month. We need to really step up our game in Australia in terms of policy, in terms of citizens and in terms of how we think about this problem. And I’m really focused on that as well as dealing with this crisis at the moment at Medibank.
ALLISON LANGDON: Look, it is so scary, and there are a lot of people out there who are incredibly frightened as to what information might come to light.
KARL STEFANOVIC: Yeah. Definitely.
ALLISON LANGDON: Even if you’re not with Medibank and you’re with a different insurer or something, I mean, every single person is going, “How is anything of mine now safe?” Can you reassure people or not?
CLARE O’NEIL: Yeah, look, let me just say that we don’t have a full scope of understanding about the data breach here at Medibank. What Medibank have advised us is that this affects at this at this stage they’re aware AHM customers and international student customers. So they have a 3.7 million-person customer base, but this AHM and international student customer base is quite a bit smaller.
But, yeah, I can’t sugarcoat this for people – I’m worried about it. I’m very focused on it. And I really do think that these two incidents – Optus and Medibank – this is a big wake-up call for our country. We are behind and we need to make a big effort and a big push to get better. And we can get better. I truly believe that. But we do need big focus and big effort.
KARL STEFANOVIC: And it needs to happen now. So there is a good argument from Professor Carsten Rudolph in the editorial of the Telegraph today saying holding on as much personal data, holding on to that and de-identifying the data that they do hold is something you probably can legislate expeditiously. Why not do it now?
CLARE O’NEIL: Well, I agree. I think there’s real questions here about why Australian companies are holding so much data and holding it for such a long period of time. So we are looking at ways that we might be able to change that. And even, I think, one of the ideas that’s come out of these incidents is thinking about whether there are better ways for us to authenticate people’s identity than what’s being used at the moment where you have many Australian companies holding the same document about you.
So I think these are really important reforms, but I have to tell you that today my mind is on the people who are affected by this.
KARL STEFANOVIC: Okay.
CLARE O’NEIL: Some vulnerable people, some ordinary Australians, and that’s where my focus is.
ALLISON LANGDON: Okay. Thank you, Minister. Appreciate your time this morning. We know you’re busy.
KARL STEFANOVIC: Thanks, Minister. Appreciate it.