Private health insurer Medibank pledged transparency to its clients following a cyber attack on October 13 but a UOW graduate says Medibank's changing statements do little to alleviate concerns.
Indian immigrant Karan Angadi is a customer of the Medibank temporary visa health policy, having switched from an overseas student health cover.
Mr Angadi is specifically concerned about his passport details being compromised given that the eligibility for health cover is based on valid passport and visa details.
"With my health cover being so heavily linked to my passport the hack opens opportunities for identity theft. My details can be used for any kind of criminal activities," Mr Angadi said.
"If I am able to get permanent residency or citizenship in the future, I will always be under risk of having it revoked if something doesn't add up," he said.
Although Medibank hasn't explicitly mentioned passport details being leaked, Mr Angadi has little confidence in the insurers' statements considering information about additional compromised data is resurfacing everyday.
What was initially just thought to be an attempt at a hack was confirmed as a successful one with 200 gigabytes of data reportedly breached on October 20.
The health insurer made a further investigative development on October 25, realising the breach was bigger than they anticipated.
The Medibank CEO David Koczar said, "Unfortunately, it is now clear that the criminal has taken data that belongs to Medibank customers, in addition to that of ahm and international student customers. This is a distressing development and I unreservedly apologise."
Wollongong cyber analyst Ryan (who wants to keep his surname private) said the breach was shocking considering health information is always under higher scrutiny.
Mr Ryan said healthcare data is some of the most sensitive data individuals can have, as it is private, confidential and directly related to an individual.
"This opens the flood gates to extortion, targeted email attacks - you wouldn't click a random link for generic medication, but if the link directly relates to your illness or disease, you're more likely to," he said.
The cyber analyst said although the amount of stolen data is believed to be 200GB which isn't a lot, what the data contains is immeasurable in regards to what was in the Optus leak.
Cyber Security Minister Clare O'Neil said, "financial crime is a terrible thing but ultimately a credit card can be replaced. The threat that is being made here to make private, personal health information of Australians made available to the public is a dog act."
