
At Medibank we are motivated by improving the health of all Australians and the health of our members. We are passionate about building a better health system that is centred on people, and sustainable in the long term. Medibank’s core business is the underwriting and distribution of private health insurance policies through our two brands, Medibank and ahm. We also provide a range of integrated healthcare services to our private health insurance policyholders, government, corporate and other retail customers. Medibank’s headquarters are in Melbourne, Victoria, with operations throughout Australia.

Medibank A.I CyberSecurity Scoring

Medibank

Company Details

Linkedin ID:

medibank

Employees number:

3,712

Number of followers:

56,069

NAICS:

524

Industry Type:

Insurance

Homepage:

medibank.com.au

IP Addresses:

Scan still pending

Company ID:

MED_1116859

Scan Status:

In-progress

Medibank Risk Score (AI oriented)

Between 0 and 549

Medibank Insurance
  • Powered by our proprietary A.I cyber incident model
  • Insurance prefers TPRM score to calculate premium
Medibank Global Score (TPRM)

XXXX

  • Instant access to detailed risk factors
  • Benchmark vs. industry & size peers
  • Vulnerabilities
  • Findings

Medibank

Critical
Current Score
526
C (Critical)
6 incidents
-17.0 avg impact

Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.

DECEMBER 2025
526
NOVEMBER 2025
524
OCTOBER 2025
520
SEPTEMBER 2025
513
AUGUST 2025
507
JULY 2025
500
JUNE 2025
492
MAY 2025
502
Cyber Attack
30 May 2025 • Medibank
Australia Requires Ransomware Victims to Report Extortion Payments

Medibank experienced a high-profile cyberattack where sensitive customer data, including personal and financial information, was compromised. This attack exposed the personal information of customers, leading to significant reputational damage and potential legal consequences for the company.

485
critical -17
MED718053025
Legislation
Improve visibility over ransomware threats
Law Enforcement Notified: Yes
Regulatory Notifications: Australian Signals Directorate (ASD)
APRIL 2025
497
MARCH 2025
490
FEBRUARY 2025
482
JANUARY 2025
475
NOVEMBER 2022
519
Breach
01 Nov 2022 • Medibank
Medibank Data Breach

Medibank, Australia's largest health insurer, has suffered a cybersecurity incident that led to a data breach affecting around 9.7 million of the company's customers and clients. The attackers accessed data such as the name, date of birth, mailing address, phone number and email address of those affected, along with other information such as customer and credit card IDs.

157
critical -362
MED048271122
Data Breach
name, date of birth, mailing address, phone number, email address, customer IDs, credit card IDs
Ransomware
01 Nov 2022 • Medibank
Medibank Data Breach

Hackers managed to gain access to all of Medibank's customers’ personal data. Medibank refused to pay the ransom in the hack, which impacted 9.7 million current and former customers and some of their authorized representatives. The criminals accessed data including the name, date of birth, address, phone number and email address. The criminals are also believed to have accessed health claims data for 480,000 customers, including “codes associated with diagnosis and procedures administered.”

157
critical -362
MED23271122
Data Breach
Personal Data, Health Claims Data
Personal Data, Health Claims Data; Sensitivity Of Data: High; name, date of birth, address, phone number, email address
OCTOBER 2022
683
Cyber Attack
01 Oct 2022 • Medibank
Medibank Private Cyber Attack

Health insurer Medibank Private says it has been hit by a cyber attack. The company said "unusual activity" had been detected on its network on Wednesday, but there was no evidence sensitive data, including customer information, had been accessed. Some customer-facing systems have been taken down which will cause "regrettable disruptions" to some customers, but health services will still be available. It is the latest cyber attack after the Optus breach last month, which affected millions of customers.

510
critical -173
MED192551122
Cyber Attack
customer-facing systems; regrettable disruptions
Ransomware
01 Oct 2022 • Medibank
Medibank Ransomware Attack

Attackers accessed the customer data of Medibank, the Australian health insurance business targeted by the ransomware attack. The ransomware did not encrypt Medibank's systems, but thieves frequently steal data to blackmail their victims. The company investigated the incident and took action, treating the protection of its customers’ data very seriously.

510
high -173
MED220191022
Ransomware Attack
Data Theft and Blackmail
Data Compromised: Customer Data
Type Of Data Compromised: Customer Data
Investigated
JUNE 2022
777
Ransomware
16 Jun 2022 • Medibank
Joint Sanctions Imposed on Bulletproof Hosting Providers Enabling Ransomware Operations

Medibank, one of Australia’s largest private health insurers, suffered a devastating ransomware attack in 2022, orchestrated by cybercriminals linked to Aleksandr Ermakov, a key figure sanctioned in the recent bulletproof hosting crackdown. The breach resulted in the theft of sensitive personal and health data of 9.7 million current and former customers, including names, addresses, dates of birth, Medicare numbers, and even highly sensitive health claims data (e.g., mental health, drug addiction, and abortion records). The attackers, affiliated with the REvil ransomware group, initially demanded a ransom, but Medibank refused to pay, leading to the public dump of stolen data on the dark web. The fallout was catastrophic: class-action lawsuits, regulatory investigations, and irreparable reputational damage. Customers faced identity theft risks, blackmail attempts, and fraudulent activities tied to their exposed data. The financial toll exceeded $35–50 million AUD in direct costs, including remediation, legal fees, and customer compensation, while the long-term erosion of trust led to customer churn and market share decline. The attack also triggered government scrutiny over cybersecurity failures, with Medibank’s CEO later stepping down. The incident remains one of Australia’s worst data breaches, exemplifying how ransomware-as-a-service (RaaS) ecosystems, enabled by bulletproof hosting, can cripple critical infrastructure.

675
critical -102
MED2232322112125
Sanction; Law Enforcement Action; Cybercrime Infrastructure Disruption
Bulletproof Hosting (BPH); Malicious Infrastructure Provisioning
Financial Gain; Facilitation of Cybercrime; Infrastructure-as-a-Service for Ransomware
Disruption of ransomware supply chain; Increased operational costs for cybercriminals; Risk of secondary penalties for entities transacting with sanctioned parties; Diplomatic message against cybercrime enablers; Deterrence for infrastructure providers; Asset freezes; Travel bans; Prohibitions on business transactions; Secondary penalties for non-compliance
U.S. Treasury’s Office of Foreign Assets Control (OFAC); U.K. Foreign, Commonwealth & Development Office; Australian Department of Foreign Affairs; Asset freezes; Travel bans; Business transaction prohibitions; Disruption of bulletproof hosting infrastructure; Increased operational costs for ransomware actors; Public attribution of sanctioned entities; Diplomatic messaging to encourage global coordination; Persistent monitoring of bulletproof hosting providers; Collaboration with infrastructure providers and domain registrars
International Sanctions (OFAC, UK FCDO, Australian DFAT); Asset freezes; Travel bans; Business prohibitions; Public sanction lists; Secondary penalty warnings for non-compliant entities
Targeting cybercrime infrastructure (e.g., bulletproof hosting) can disrupt ransomware operations at the supply chain level. International collaboration is critical for effective enforcement against globally distributed threat actors. Bulletproof hosting providers frequently rebrand and change jurisdictions to evade scrutiny, requiring persistent monitoring. Sanctions against enablers (not just direct attackers) increase operational risks for cybercriminals and deter infrastructure providers.
Enhance cross-border cooperation to track and disrupt bulletproof hosting providers. Implement stricter due diligence for hosting services to prevent abuse by cybercriminals. Encourage domain registrars and infrastructure providers to proactively monitor and report suspicious activity. Expand sanctions to include other layers of the ransomware economy (e.g., access brokers, cryptocurrency mixers). Invest in technological solutions to detect and attribute malicious infrastructure reuse.
Ongoing (sanctions imposed; monitoring for compliance and rebranding attempts)
Organizations are warned against transacting with sanctioned entities to avoid secondary penalties. Infrastructure providers (e.g., hosting services, domain registrars) are advised to enhance abuse detection and reporting mechanisms. Financial institutions are urged to monitor transactions linked to bulletproof hosting operators.
Bulletproof hosting services (PVServers, LumoHost); Ransomware groups; Phishing operators; Malware C2 servers
Lack of accountability for cybercrime-enabling infrastructure providers. Jurisdictional challenges in attributing and sanctioning threat actors operating across borders. Rebranding and operational flexibility of bulletproof hosting services to evade law enforcement. Expand sanctions to cover the full ransomware supply chain (infrastructure, access brokers, monetization). Strengthen international frameworks for sharing threat intelligence and enforcement actions. Develop technological tools to track infrastructure reuse and attribute malicious activity. Impose stricter regulatory requirements on hosting providers to prevent abuse.

Frequently Asked Questions

According to Rankiteo, the current A.I.-based Cyber Score for Medibank is 526, which corresponds to a Critical rating.

According to Rankiteo, the A.I. Rankiteo Cyber Score for November 2025 was 524.

According to Rankiteo, the A.I. Rankiteo Cyber Score for October 2025 was 520.

According to Rankiteo, the A.I. Rankiteo Cyber Score for September 2025 was 513.

According to Rankiteo, the A.I. Rankiteo Cyber Score for August 2025 was 507.

According to Rankiteo, the A.I. Rankiteo Cyber Score for July 2025 was 500.

According to Rankiteo, the A.I. Rankiteo Cyber Score for June 2025 was 492.

According to Rankiteo, the A.I. Rankiteo Cyber Score for May 2025 was 502.

According to Rankiteo, the A.I. Rankiteo Cyber Score for April 2025 was 497.

According to Rankiteo, the A.I. Rankiteo Cyber Score for March 2025 was 490.

According to Rankiteo, the A.I. Rankiteo Cyber Score for February 2025 was 482.

According to Rankiteo, the A.I. Rankiteo Cyber Score for January 2025 was 475.

Over the past 12 months, the average per-incident point impact on Medibank’s A.I Rankiteo Cyber Score has been -17.0 points.

You can access Medibank’s cyber incident details on Rankiteo by visiting the following link: https://www.rankiteo.com/company/medibank.

You can find the summary of the A.I Rankiteo Risk Scoring methodology on Rankiteo by visiting the following link: Rankiteo Algorithm.

You can view Medibank’s profile page on Rankiteo by visiting the following link: https://www.rankiteo.com/company/medibank.

With scores of 18.5/20 from OpenAI ChatGPT, 20/20 from Mistral AI, and 17/20 from Claude AI, the A.I. Rankiteo Risk Scoring methodology is validated as a market leader.