Medibank’s systems are back online after they were shut down over the weekend for a security upgrade. The move was part of efforts to bolster its resilience following the October data breach that impacted 9.7 million customers.
The Australian insurance group said its IT systems were taken offline for planned “maintenance” works that involved IT security advisors from Microsoft. The rollout had taken place at Medibank’s headquarters in Melbourne.
“Given the complexity of the maintenance activities and the requirement to take our systems offline, this operation has been in the planning stages for several weeks,” the company said in a statement.
All customer-facing platforms were tested and IT systems brought back online ahead of schedule on Saturday, operating with enhanced security features, it added. Customers regained access to Medibank’s website and apps, which went offline during the upgrade, but its retail outlets and call centres remained shut until Monday.
The Australian company noted that no suspicious activities were detected inside its systems since the data breach was announced on October 12.
It said it had implemented several measures to enhance its security since the incident, including two-factor authentication at its contact centres when customers call for support and additional detection and forensics features. It also expanded analytics capabilities through third-party specialists.
Medibank said it still was analysing data released by cybercriminals on the dark web, noting that no additional files had been released since December 1 when hackers released six zipped folders containing compromised customer data.
The folders reportedly contained all remaining data that was stolen in the breach, prior to which hackers involved in the theft had released the files in batches alongside demands for ransom. Medibank had said it would not pay any ransom.
The October security breach affected 9.7 million current and former customers, including 1.8 million international customers, and leaked data such as names, dates of brith, phone numbers, and email addresses. Health claims data of some customers also were accessed, including locations where they had received medical services and codes linked to diagnoses and procedures administered.
According to Medibank, there was no indication financial or banking details had been compromised and the stolen data alone was insufficient to facilitate identity or financial fraud.