Experts say Medibank should pay a ransom because all of its customers' information was leaked.
Since hackers were able to see the personal information of all Medibank customers, including those with ahm and international, an expert says the health insurance giant should pay the ransom.
Professor Richard Buckland said that since the cyber attack exposed sensitive medical information, it might be best to pay the ransom.
"I can't believe I'm saying this, but maybe it would be best to pay the ransom in this case," Buckland said.
The insurance company's response to the cyber attack could cost up to $35 million, but lawsuits and fines could make that number much higher.
It comes after Medibank said this morning that hackers got into the personal and sensitive health information of all four million of its customers.
"Our investigation has now shown that the criminal had access to the personal information of all ahm customers and a large amount of health claims data," Medibank said in a statement.
"As a result, we think the number of customers who will be affected could grow a lot."
Medibank said that ransomware had not yet locked up its IT systems, so customers could still use health services.
Support for affected customers includes "hardship packages" for people in "uniquely vulnerable" situations, free identity monitoring for people whose identities have been stolen, and free reissues of documents that have been stolen.
Cyber Security Minister Clare O'Neil said yesterday that the damage from the hack could not be fixed.
"Australians who are struggling with mental health issues, addiction to drugs or alcohol, or diseases that are embarrassing or shameful have the right to keep that information private and secret," she said.
"This is a stupid thing for a cybercriminal to do to the people of Australia. It is the lowest of the low, the scum of the earth."
The AFP is still trying to figure out what happened.
Optus, which was also the target of a major cyber attack in which the information of 2.1 million customers was stolen, told its customers how successful it was in fighting hackers.
A bragging message said, "We went public early, we talked to the government quickly, we listened, we learned, and we acted right away."