Medibank Data Breach update

Recently some doctors have received letters from Medibank informing them that some aspects of their details were included in the 2022 cyber-attack, even if they had no professional or customer relationship with Medibank.

Services Australia has advised that medical professionals affected in this way do not need to get a new provider number. The AMA has confirmed with Medibank that banking details were not accessed in the cybercrime.

When a Medicare-registered provider registers or updates their practice details with Services Australia, an agreement between Services Australia and Medibank enables access to these registration details to support the claim process. The information made available includes the provider’s name, the practice address that they have registered, specialty codes and the status of the practice. It’s important to note that it’s whatever you as the provider has registered as being your address to provide services (the information does not say whether it is your home address or not).

This information is used to support Medibank members who have made claims on their policy. As these details were in the Medibank system when the cyber event occurred, Medibank has now contacted providers to let them know that this information was accessed and what support is available. The claims most common to this process for GPs are for non-residents, who may claim for services as part of their overseas health cover.

If you have any enquiries, you can call the Medibank Hospital and Provider Advocacy team on 1300 130 460 (Mon-Fri, 9am-5pm AEDT).

Medibank has also developed a specific webpage which provides up to date information (including FAQ’s) which can be accessed here:  Provider cyber event information | Medibank.