Medibank leaders use AGM to restate company's apology on cyberattack

Medibank's annual general meeting was dominated by the recent cyberattack that has resulted in the release of some of its customers' private patient information.

Chair Mike Wilkins said the meeting was being held against the backdrop of "challenging circumstances" for the company and its customers.

"This cybercrime event is unprecedented. It has caused distress and concern for many of our customers, our people and for you, our shareholders - many of whom I know are also customers," he said.

"I unreservedly apologise to every person for the significant impact of this crime. It is a despicable act by the criminal seeking to extort payment based on the privacy concerns of our customers and must be condemned in the strongest possible terms."

Mr Wilkins reiterated the company's refusal to pay the demanded ransom.

"Based on extensive advice from cybercrime experts, we formed the view that there was a limited chance paying a ransom would ensure the return of our customers’ data and prevent it from being published," he said, adding, "In fact, the advice we have had is that to pay a ransom could have had the opposite effect and encouraged the criminal to directly extort our customers, and put more people in harm’s way by making Australia a bigger target."

He said the company has engaged Deloitte to conduct a review to "ensure that we learn from this cyberattack and continue to strengthen our ability to safeguard our customers."

"We will share the key outcomes of the review, where appropriate, having regard to the interests of our customers and stakeholders and the ongoing nature of the Australian Federal Police investigation. We are also committed to sharing, where it is safe to do so, what we have learnt from our experience, so that Australian businesses and the broader community can be better placed to navigate any similar challenges in future," he said.

CEO David Koczkar also addressed the cyberattack.

"What has happened is deeply distressing. The weaponising of the private data of many Australians - our customers - is malicious," he said.

"We are steadfast in our resolve to NOT reward this criminal behaviour, nor to strengthen a business model that is based on extortion.

"This is a watershed moment for our community - a harsh reminder of the new frontier in cybercrime that we all face.

"I am devastated for our customers - and I assure you our absolute focus is to continue to support and protect our customers through this time."

Mr Koczkar continued, "Since the very first day our systems detected this unauthorised activity, we have continued to work closely with the Australian Government, including the Australian Cyber Security Centre and the Australian Federal Police, who are investigating this cybercrime."

"AFP investigators under Operation Guardian are scouring the internet and dark web to identify people who are accessing this personal information and trying to profit from it. The AFP is also working with international agencies to disrupt the infrastructure of the criminal," he said.

"We will continue to work around the clock to provide customers with details of their data we believe has been stolen and provide advice on what customers should do and how we can support them," he added.