Medibank says it is still "working around the clock" to resolve the cybersecurity incident on its network.
The company detected unusual activity on its network last week. It said it took immediate steps to contain the incident and engaged specialised cyber security firms.
"At this stage, there is no evidence that any sensitive data, including customer data, has been accessed," it said, adding that any ongoing investigations are yet to produce evidence that its customer data had been accessed or removed from the network.
The company said its response includes isolating and removing access to some customer-facing systems to reduce the likelihood of damage to systems or data loss.
"As a result our ahm and international student policy management systems have been taken offline. We expect these systems to be offline for most of the day," it said, adding, "This will cause regrettable disruptions for some of our customers. ahm and international student customers will still be able to contact our customer teams via phone but at this stage our people won’t be able to access policy information."
In its most recent update, the company said it has sent around 3.7 million emails to current and former Medibank and ahm customers, and that text messages were being sent to customers who preferred this form of communication.
“I apologise and acknowledge that in the current environment this news may make people concerned," said CEO David Koczkar.
"Our highest priority is resolving this matter as transparently and quickly as possible.
“We will continue to take decisive action to protect Medibank Group customers and our people.
“We recognise the significant responsibility we have to the people who rely on us to look after their health and wellbeing and whose data we hold.
"We are working around the clock to understand the full nature of the incident, and any additional impact this incident may have on our customers, our people and our broader ecosystem."