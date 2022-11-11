No one ever thinks, as they sign up for, or renew, their health insurance each year, about the consequences of handing over so much sensitive information in one hit.
Or if they do, it would probably seem, on balance, to be worth it in exchange for financial protection against the vagaries of life and the possibility of a medical emergency.
This is surely the case when a person is dealing with one of the country's largest medical insurers. Or at least it was.
The horrors currently unfolding online for Medibank are a true wake-up call. Not for customers, but rather for large businesses and corporations that routinely collect and store personal information.
And for what purpose, exactly?
When Optus was hacked earlier this year, it was a strange and puzzling revelation that a telco would be holding onto such details as passport numbers, long after a customer had registered.
Surely there is certain information that can be deleted after a certain time, in the same way that credit card details are not retained once a customer has made a purchase.
But a medical insurer has a lot more to answer for. Medibank has confirmed details of almost 500,000 health claims have been stolen, along with personal information, after the group, reportedly a Russia-based cyber-criminal gang, hacked into its system weeks ago.
In the latest data dump of stolen customer information, the ransomware group behind the hack released sensitive details of customers' medical procedures.
The hackers also "thumbed their noses" at the federal government after being warned the toughest "cyber guns" in Australia were coming after them.
It's a distressing scenario for all affected - blameless customers who never imagined that playing it safe would be such a risk.
If cyber-hacking is now the new "break and enter", it's incumbent upon those entrusted with holding private information to deal with it properly.
The federal government is now trying to come up with solutions to what is a fast-moving and unpredictable problem; Cyber Security Minister Clare O'Neil spoke with Medibank chief executive David Koczkar twice on Thursday to "make clear" community expectations.
Which are, of course, that businesses are diligent - far more diligent than they ever had been - around the handling of private information.
In this age of endless cyber-security and a seemingly infinite number of passwords any one of us is forced to take on every week as we sign up for services, log into shopping networks, buy things online or use streaming services, savvy internet users have long cottoned onto the concept of password hygiene, using password protectors to prevent being personally hacked.
Surely it's time for a centralised agency tasked with storing and protecting sensitive private information on behalf of large participating businesses and corporations?
Homeowners know to lock doors and hide car keys, but shouldn't have to also worry about external storage units or bank accounts.
In a time when most of us live a large swathe of our lives online, there's no real alternative.
And for those who profit from this convenience - including medical and other insurance companies - this week is the starkest wake-up call yet.
