Australia’s Medibank Says Normal Operations Resume After Ransomware Attack

Australia's Medibank Says Normal Operations Resume After Ransomware Attack

(Reuters) – Australian health insurer Medibank Private Ltd said on Monday normal business operations had resumed after an attempted ransomware attack and reaffirmed that there was no evidence that customer data had been removed from the network.

Medibank said last Thursday it would isolate and remove access to some customer-facing systems after it detected unusual activity on its network.

That was the latest in a string of cyber attacks in recent weeks to rock corporate Australia including a breach at second-largest telecoms provider Optus which compromised data of up to 10 million customers and at a Woolworths unit that exposed data of nearly 2.2 million users.

Medibank said its ongoing investigation indicated that its cyber security systems had detected activity “consistent with the precursor to a ransomware event” but that its systems were not encrypted by ransomware.

There was no indication that the incident was caused by a “state-based threat actor”, the company said, adding that an investigation into the incident would continue.

It said its business was tracking in line with its fiscal 2023 forecast and would be unaffected by the incident.

(Reporting by Shashwat Awasthi; editing by Diane Craft and Will Dunham)