Want to keep informed? We’re making it easier. 

Sign Up
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form

Medibank & AHM Breach Response

Help and advice for current and former Medibank and ahm customers.

IDCARE as Australia's national identity and cyber support community service has been engaged by Medibank to assist community members who have concerns about the exposure of their personal information.

If scammers or cybercriminals have your information, they may try to get in touch with you via email, phone, or text message. They can pretend to be from Medibank, ahm, hospitals and other health service providers, financial institutions, telecommunications carriers, government, or other brands and service providers.

Criminals may contact you and threaten to publish your personal information unless you provide a payment to them. These are known as extortion attempts. These attempts may come in the form of SMS, emails or social media messaging stating that your computer or device has been hacked and they have photos of you and other personal details. The criminals may share personal information obtained from the published breach data in order to legitimise their threat. The criminals may ask you for payment and threaten to publish the photos or personal details if this payment is not made.

Do not click on any links you are sent

Do not provide personal or credential information

Do not give remote access to your computer or mobile device.

Do not provide any financial account details.

Do not provide any payment.

If you believe you have responded to a scam communication, please complete an IDCARE Get Help form to request assistance.


Never respond to unsolicited communications, even if the person knows a little bit about you. Make your own enquiries using an alternative contact method to the one they used. Medibank or ahm will never contact customers requesting passwords or other sensitive information.

Beware of any communication, positive or negative, that sets out to shock you or make you feel a sense of urgency. This is what scammers do when they want you to act without thinking.

Stay up to date with the latest developments about this privacy breach on the Medibank website and ahm Health insurance website.

IDCARE's learning centre provides free advice on how best to protect you and your family from cybercrime. You can also stay abreast of the latest scams impacting Australia's community via IDCARE’s News and Media website, Facebook page, and by subscribing to our free community newsletter, Cyber Sushi.

How Medibank & ahm will contact you

Medibank and ahm health insurance contact customers via email, webpage, SMS, push notifications and post.

Medibank and ahm will never ask for passwords or sensitive information.

If Medibank or ahm find that your information has been accessed, they will notify you by email as soon as possible with specific advice and support.

Information accessed

The information believed to have been accessed in the breach includes:

  • First names
  • Surnames
  • Addresses
  • Date of Birth
  • Medicare Numbers
  • Policy Numbers
  • Phone Numbers
  • Email Addresses
  • Some Passport information
  • Some Claims Information

The claims information includes the location of where a customer received medical services and codes relating to their diagnoses and procedures.