Medibank fraud and ANZCA

14 November 2022

ANZCA has received updated fraud advice from Medibank for fellows in response to the recent data breach.

“If you’re concerned that your provider number has been exposed, you don’t need to request a new provider number. If you suspect someone may be committing fraud against Medicare, you can report it on the Services Australia website.”
 
The advice includes the following statement about providers who may have been affected by the breach:
 
“The Australian Federal Police has expanded Operation Guardian to protect our customers and providers whose personal information has been unlawfully released online by ransomware criminals. We’ve worked with Services Australia to ensure appropriate preventative and monitoring measures are in place. We are also contacting all health funds to update them of the latest developments and best actions to take.  
 
Services Australia has confirmed a provider number is not enough information for a criminal to access Medicare records or claiming systems. These claiming systems include security measures to prevent unauthorised access."  
 
Medibank says it will be "contacting impacted providers soon to advise them directly of the cybercrime, details of the data relevant to them which was accessed, and what steps they can take to protect themselves (including support we have made available).  Further updates relating to providers will be available on our health provider site."
 
Medibank says its investigations "are ongoing and we will continue to provide updates when information becomes available and is verified.” 
 
Medibank has told us that based on their investigations so far, they do not believe the criminal has accessed:  

• Banking details  
• Health claims data for ancillary services  
• Patient medical records which are shared by hospitals as part of substantiating claims