Zaneta Mascarenhas (Swan, Australian Labor Party) Share this | Link to this | Hansard source

My question is for the Minister for Home Affairs and Cyber Security. What is the government's response to the Medibank cyberincident?

Clare O'Neil (Hotham, Australian Labor Party, Minister for Home Affairs) Share this | Link to this | Hansard source

I really appreciate this question from the member for Swan. It's an issue of great concern to her constituents, to my constituents and to the Australian government.

The member might be aware that today Medibank provided an update on the consequences of the breach on their networks and confirmed that cybercriminals have taken more data than was previously reported. The data that has been taken has been taken not just from the ahm and international student customer database, as they had previously thought, but from the broader Medibank systems. This is really not good news and it's of great concern to the Australian government.

One of the reasons the government is so worried about this is because of the nature of the data that has been held here. In a lot of cyberattacks, our big fears are around identity theft and financial crime—those are very difficult, complex and important cases, but, ultimately, something can usually be done to protect consumers. We can put in place credit monitoring, we can replace ID documents and we can replace bank cards. When it comes to the personal health information of Australians, the damage here is potentially irreparable. Australians who are struggling with mental health conditions, drug and alcohol addiction or diseases that carry some shame or embarrassment are entitled to keep that information private and confidential, and for a cybercriminal to hang this over the heads of Australians is a dog act. It is scum-of-the-earth, lowest-of-the-low territory.

We are taking this incredibly seriously, and the work that is being done is being undertaken by the smartest and toughest people who work for the Australian government. I thank the Australian Signals Directorate and the Australian Federal Police for the intensive work that is underway to hunt down the attacker. They are undertaking a very significant operation. The AFP are leading a criminal investigation into this matter. Services Australia and the Department of Health and Aged Care are working to protect the government information that may be exposed here. Services Australia have done an immense amount of work to protect their own network, which has an interaction with Medibank as a health insurer. We are putting in place substantial supports for Australians should the worst come to the worst and some of this information be made public.

Because of the way that the situation developed over the weekend through Friday and Saturday, on Saturday I asked my department to activate the National Coordination Mechanism to coordinate the work that's being done on Medibank. As the parliament will know, the NCM was set up by the former government as a crisis response mechanism to deal with the most difficult and complex aspects of managing the pandemic. We are picking up that model. What we can see is that Medibank is just as complex and just as urgent as some of what we dealt with there. I believe the NCM has already met three times now, and it will work across state and federal agencies to coordinate the response.

Combined with Optus, this is an enormous wake-up call for the country. Cybercriminals are the thugs of the 21st century—the bag snatchers and the armed robbers. We need to do more as a country to step up, but in the meantime this government is doing everything it can to protect Australians against this breach.