Share this article on:
In a breakdown of its expenditure over the last 12 months, Medibank has revealed just how it spent almost $50 million in clean-up costs for the cyber attack it suffered back in October.
The health insurer revealed in its 2023 annual report that it spent a total of $46.4 million, almost half of which went to administrative costs.
This was the biggest expense at $22 million, followed by another $15.6 million in employee benefits expenses, $7.5 million in technological expenses, and $1.2 million in marketing.
Medibank says this fee will continue to grow in the next fiscal year by another $30 million to $35 million, citing “further IT security uplift and legal and other costs related to regulatory investigations and litigation.
“[This] excludes the impacts of any potential findings or outcomes from regulatory investigations or litigation.”
Outlining the measures it has and will continue to put in place, Medibank says that supporting its customers and helping them navigate the cyber attack and its aftermath has been the company’s main focus.
According to the health insurer, 85 per cent of their customers engaged through digital channels.
Some of the measures the organisation has already implemented include the extension of its contact centre hours, bolstering its support team by an additional 300 people, and re-engaging its phone contact and messaging channels.
From a cyber security perspective, Medibank has also introduced two-factor authentication for customers contacting its contact centre and has said it will continue to reinforce its security systems.
“We have worked really hard to regain the trust of our customers and while there is more to do, we are growing again,” said Medibank chief executive officer David Koczkar.
“To our shareholders, thank you for your ongoing support. It’s been a challenging year, but by focusing on our customers and managing our business well, momentum has returned following the cyber crime event.”
Medibank’s cyber attack occurred in October 2022, leading to hackers stealing the information of 9.7 million customers, current and former, across its Medibank, ahm, and My Home Hospital services.
The attack was credited to the Russian-backed cyber group, REvil, who claimed to have stolen 200GB worth of data after obtaining the details of a third-party provider.
“We have focused on doing what is right for our customers, our shareholders, our people and our community following the cyber crime event,” said company chair Mike Wilkins AO.
“The 2023 financial year was a difficult one for Medibank, characterised by the cyber crime event which we identified in October of 2022 and an increasing difficult economic environment.
“Notwithstanding these challenges, the company has continued to demonstrate its resilience and customer focus and delivered a solid financial result for the year.”