Shareholder Class Action Suit on Medibank After Cyberattack


The Australian health insurance giant Medibank is in trouble again. It is caught up in a class action suit filed by Phi Finney McDonald, a law firm. This comes on the heels of a $250 million fine imposed by the Australian Prudential Regulation Authority. In total, Medibank faces five consumer and shareholder class action suits. Phi Finney McDonald claims to be seeking compensation for shareholders, which it stated was different from privacy litigation filed by Medibank customers after their health and personal information was breached.

Phi Finney McDonald’s principal lawyer, Cameron Myers, said that the legal action was considered after preliminary investigations. According to Mr. Myers, Medibank’s customers and shareholders expected the company to take adequate steps to protect all information held by it. They did not find anything amiss in the declaration by Medibank to the market that it had adequate protections in place. However, in October 2022, Medibank acknowledged a breach of the personal data of 9.7 million existing and former customers and its related entities. Medibank further claimed that 480,000 health claim data records of customers were accessed by hackers.

The law firm alleged in its class action suit that Medibank misled customers and the market, as well as breached its continuous disclosure obligations regarding the adequacy of its information security mechanism. Mr. Myers mentioned the distress and impact on customers who found their data to have been accessed inappropriately by hackers. The law firm further stated that the shareholders of Medibank need to be compensated for losses suffered due to the erosion of trust and confidence in the health insurance company following the disclosure of the state of affairs.

The above-mentioned situation reminds businesses of the need to be aware of the growing incidents of cybercrime. Further, they should implement strict cybersecurity measures for their digital assets to prevent hackers from breaching confidential business and personal data. Manish Chaudhari, CISCO, Cybernetic Global Intelligence, the accredited global leader in offering cybersecurity consulting services, points out the widening gap between the cybersecurity preparedness of businesses and the sophistication of attacks launched by threat actors. According to him, unless businesses or entities realise the enormity of the challenge, and shore up their cybersecurity measures, including training their staff, incidents like Medibank are going to happen.

How Can a Cybersecurity Risk Management Audit Mitigate Cybercrime?

Businesses should not be smug in their belief that hackers only target big businesses. Hackers tend to attack businesses they feel do not have adequate security measures. Businesses should therefore conduct a cybersecurity risk management audit to identify their vulnerabilities and the response needed in the event of an attack.

In today’s highly competitive world of business, cybersecurity risk management holds immense importance. The growing number of cyberattacks worldwide has prompted board members and C-suite executives to swiftly turn to cloud providers. However, the ultimate responsibility for overseeing risk management still lies with the top leaders of a business enterprise. Irrespective of the industry they operate in, businesses should prioritise conducting an annual cybersecurity risk management audit.

Benefits of Conducting a Cybersecurity Risk Management Audit

The numerous benefits businesses can accrue by implementing a cybersecurity risk management audit are:

• Demonstrates effective management of cyber risk in a structured manner.
• Establishes control frameworks for detecting and escalating cyber incidents and risks.
• Enhances the organisation’s ability to respond, contain, and detect cyber threat incidents.
• Assesses the culture of cyber effectiveness within the organisation.
• Identifies the capability to evaluate, detect, and respond to third-party cyber risks and incidents.
• Cultivates a culture of risk management within the organisation.
• Reduces the risks associated with unprotected data and information.
• Instills confidence in customers and stakeholders regarding the organisation’s risk management practices.
• Ensures compliance with legal obligations.


The Medibank hacking incident has raised the hackles of every business. The class action lawsuit filed by the law firm, Phi Finney McDonald, is a stark reminder that businesses cannot take things easy anymore. Not only do they risk losing their business and customer assets, but they are also likely to face such lawsuits, causing a huge dent in their brand value and revenue. This is where cybersecurity companies, such as Cybernetic Global Intelligence, can help. For instance, the company possesses a team of certified cybersecurity auditors, including PCI DSS QSA and ISO 27001/2013 lead auditors and assessors, who are well-equipped to provide comprehensive support in all aspects of cybersecurity risk management and implementation.

The team excels in assessing and validating adherence to Risk Management Compliance Standards. It offers services such as developing diagnostic gap analysis, risk treatment, ongoing monitoring, and assurance with remediation strategies. To know more, call 1300 292 376 or send an email to
