According to recent reports, Medibank is expected to suffer losses of around $26 million for the first half of the year due to a security breach that occurred in 2022. 

The total loss for the year could be as high as $45 million. 

In its half-year results announcement, Medibank revealed that a third-party IT services contractor's user ID and password were compromised. 

The attacker was able to bypass the system's need for an additional digital security certificate using those credentials due to a misconfigured firewall. 

Medibank stated; “The criminal was able to obtain further usernames and passwords to gain access to a number of Medibank's systems, and their access was not contained”. 

The insurer's systems were taken offline for security reinforcement through “operation safeguard” in December. 

All firewalls have now been securely configured, and both internal and third-party security monitoring have been increased. 

Customer acquisition has begun to recover after the attack caused Medibank to lose 13,000 subscribers. 

Medibank CEO David Koczkar has stated that data management will be reviewed, particularly in light of potential Privacy Act revisions, and that the company will continue to improve its security environment.