Medibank has revealed hackers had access to the data of at least 4 million customers. 

The company said its investigations have established that all Medibank, ahm and international student customers' personal data was accessed in a recent cyber attack, including significant amounts of health-claims data, but Medibank is yet to determine whether it was actually stolen.

The private health information of about one in five Australiansis reportedly being ransomed for an as yet undisclosed price. 

Medibank is said to be taking expert advice on whether to pay up.

Experts say about 80 per cent of hacked businesses choose to pay the ransom, with an average cyber ransom amount paid of $1.01 million.

Fergus Hanson from the Australian Strategic Policy Institute says the willingness of Australian boards to pay such ransoms has put Australia in the spotlight for cybercriminals.

“The problem we’ve got in Australia for businesses is they’re just haemorrhaging money from these completely unproductive activities with overseas cyber criminal gangs that are just breaking into this system stealing their stuff, or encrypting their files and then demanding payment for no productive service that they provide,” Mr Hanson has told reporters.

He suggests making the payments illegal. 

“We need to get to a point where we stop paying ransoms because cyber criminals would just not target Australia if it were illegal. They target people that pay and if we don’t pay they’re not going to target us,” he said. 

However, Medibank would run the risk of laying bare the private health records of millions of members and past and present if it does not pay up. 

Fderal cybersecurity minister Clare O’Neil one the weekend assembled the nation’s “brightest and smartest” under the auspices of the all-powerful National Coordination Mechanism, to fight the criminal “scum” engaging in what she calls a “dog act”. 

The National Coordination Mechanism was developed by the former Coalition government and driven by Emergency Management Australia to respond to the COVID-19 pandemic. It has since been embedded as a permanent tool in the government’s arsenal when responding to a crisis.

This mechanism will “ensure that all possible support is being provided to Medibank and all those uniquely vulnerable Australians affected by this incident”, Ms O’Neil said.

“The efforts of the Albanese government to prevent and manage harm are extensive, with hundreds of people within government working to support Medibank’s response to this incident and to help protect affected customers.”

The Australian Signals Directorate is offering technical advice to medibank, while the AFP is investigating the breach too. 

Services Australia and the Health department have reportedly been working with Medibank to identify what information has been exposed.