Want to keep informed? We’re making it easier. 

Sign Up
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form

Medibank & AHM Breach Response For Providers

Help and advice for current and former Medibank and ahm providers.

IDCARE as Australia's national identity and cyber support community service has been engaged by Medibank to assist providers who have concerns about the exposure of their personal and business information.

If scammers or cybercriminals have Medibank provider information, there may be an increased risk of phishing attempts via emails, phone, and SMS. Criminals may impersonate Medibank, ahm, hospitals and other health service providers, financial institutions, telecommunications carriers, government, or other brands and providers.

Criminals may contact you and threaten to publish your personal information unless you provide a payment to them. These are known as extortion attempts. These attempts may come in the form of SMS, emails or social media messaging stating that your computer or device has been hacked and they have photos of you and other personal details. The criminals may share personal information obtained from the published breach data in order to legitimise their threat. The criminals may ask you for payment and threaten to publish the photos or personal details if this payment is not made.

If you believe you have responded to a scam communication, please complete an IDCARE Get Help form to request assistance.


Never respond to unsolicited communications. Medibank or ahm will never contact providers requesting passwords or other sensitive information.

Do not provide any financial account details or provide any payment for extortion threats.

Beware of any communication that provokes a sense of urgency. This is a technique used by scammers to make you act without thinking and comply with a scam.

Stay up-to-date with the latest developments about this privacy breach on the Medibank website and ahm Health insurance website.

IDCARE's Learning Centre provides recommendations on how best to protect you and your business from cybercrime.  You can also stay abreast of the latest scams impacting Australia’s community via IDCARE’s News and Media and Facebook page.

How Medibank & ahm will contact you

Medibank and ahm health insurance contact providers via email, webpage, SMS and post.

Medibank and ahm will never ask for passwords or sensitive information.

If Medibank or ahm find that your information has been accessed, they will notify you by email or post as soon as possible with specific advice and support.

Information accessed

The information believed to have been accessed in the breach that relates to Medibank/ahm providers includes:

  • Medicare / Medibank / ahm Provider Numbers
  • Full Name
  • Physical Addresses
  • Phone Numbers
  • Email Addresses

For a group of providers, some additional information was also accessed, pertaining to internal audits undertaken on claims submitted for members and/or details about the services provided to some customers (such as MBS items and related charges). There is no further action required to take regarding patients who have had their treatment details stolen; Medibank have contacted all impacted customers individually.  Medibank advise that details would be contained in notifications sent to providers if they were impacted in this way. If you are unsure, please contact Medibank directly for assistance.

Medibank updates will be on this page: