The Forbes Advisor editorial team is independent and objective. To help support our reporting work, and to continue our ability to provide this content for free to our readers, we receive payment from the companies that advertise on the Forbes Advisor site. This comes from two main sources.
First, we provide paid placements to advertisers to present their offers. The payments we receive for those placements affects how and where advertisers’ offers appear on the site. This site does not include all companies or products available within the market.
Second, we also include links to advertisers’ offers in some of our articles. These “affiliate links” may generate income for our site when you click on them. The compensation we receive from advertisers does not influence the recommendations or advice our editorial team provides in our articles or otherwise impact any of the editorial content on Forbes Advisor.
While we work hard to provide accurate and up to date information that we think you will find relevant, Forbes Advisor does not and cannot guarantee that any information provided is complete and makes no representations or warranties in connection thereto, nor to the accuracy or applicability thereof.
While Medibank offers comprehensive health insurance policies for singles, couples and families via its range of hospital only, extras only or combined plans, there’s no denying the recent data breach has wreaked havoc on the public’s trust in the health insurer.
According to reports, a criminal stole the login credentials of a Medibank employee with high-level systems access, and sold them to a separate hacker on a Russian language online forum–leading to the data breach that affected more than 9 million current and former Medibank customers.
While businesses of all sizes can fall victim to cyber attacks, it is certainly made even more daunting when a government-backed business is in hot water due to limited cybersecurity compliance and unreasonable data practices.
As such, Medibank has ultimately lost its credibility as a reputable private health insurer in Australia and has to be reviewed accordingly. It will take a long time, no doubt, for affected consumers to regain their trust in the fund.
Medibank was founded back in 1976 as a non-for-profit, government-owned insurer. It became for-profit in 2009 and was listed on the ASX as a publicly-traded company in 2014, as it remains today. Medibank says it has more than 3.9 million customers and occupies a 24.3% market share of the total health insurance pool in Australia, making it one of the nation’s largest health insurers.
However, due to the 2022 Medibank cyber attack–in which more than nine million customers’ private data and health records were accessed and released on the dark web–those figures are anticipated to dip in the coming months.
Unsurprisingly, This cyber attack has led to an influx of negative reviews for Medibank on Australia’s largest consumer opinion site, Product Review, with Medibank scoring an average of 1.5 stars out of 5 from 895 reviews.
Further details of the cyber attack can be found at the end of this review. First, let’s explore what Medibank covers as a health insurer.
Medibank offers a variety of health insurance plans to suit the needs of its individual consumers. Customers can choose from singles cover, couples cover, family cover or cover for single parents.
From there, consumers can choose to take out hospital only cover, extras only cover, or a plan that covers both hospital and extras–with varying amounts of excess and differing levels of inclusions, such as ‘Bronze Everyday’ or ‘Gold Complete’.
Whichever option a consumer chooses, it’s essential to select ‘cover for child birth’ when searching for a quote, as only a few Medibank insurance plans include the necessary hospital inclusions for giving birth.
Most Medibank hospital cover from basic to comprehensive include ambulance services and cover for accidents, while the majority of options for extras cover include general dental, physio and optical.
For more specific coverage, higher premium plans are required: such as hospital cover for chemotherapy or joint reconstructions, and extras cover for speech therapy or orthodontics.
It is always essential to read the product disclosure statement before taking out a health insurance policy to ensure you are covered for you and your family’s specific needs.
Across its differing plans, Medibank has a returned benefits percentage of 83.6%. This is the percentage of total contributions received by the insurer that are returned to the contributors in benefits.
The health insurer also has 86% member retention (on its hospital cover only plans), with its website and subsequent data showing good coverage for a wide array of needs. However, the 2022 data breach has affected public trust in the company and its overall reputation.
All health funds have waiting periods, which is a period of time you need to wait after taking out your cover before you can claim benefits.
At Medibank, for most services, the wait time is two months. However, for optical and ultra bonus for out-of-pocket expenses, the wait time is six months.
Medibank says it is standard practice in the private health insurance industry to apply a 12-month wait time before benefits are payable for pre-existing conditions, which Medicare includes.
It also has a 12-month waiting period for obstetrics-related services, major dental services and breathing appliances; however, it does not apply for hospital treatment for psychiatric treatment, rehabilitation treatment or palliative care.
There is a 24-month wait for blood glucose monitors, and 36 months’ wait for hearing aids and laser eye surgery.
A ‘no gap policy’ refers to the amount that your private health insurer will pay on your behalf for a consultation, treatment or surgery, leaving you with no out-of-pocket costs.
At Medibank, 85.5% of all services covered incur no-gap payable by the patient (as an average percentage across all policy types). This is after accounting for insurer benefits, schemes and agreements.
Medibank has two options that include cover for the hospital, being its hospital-only policy or its hospital and extras cover policy. If you choose either of these options, you will be covered for the hospital to varying degrees, depending on the policy you choose.
Data shows that, out of all of the hospital-related charges claimed by members to Medibank nationwide, a total of 90.6% were covered by the health insurer.
Along with the aforementioned member retention rate of 86% for hospital-only policies, it is clear that Medibank covers its members for the hospital in a sufficient manner.
Akin to hospital cover, Medibank will only cover you for certain extras if you take out one of their extras policies–being extras only, or the hospital and extras cover policy.
All of its policies that include extras cover offer cover for general dental, physio and optical. However, it does not include major dental, which includes more complex procedures such as root canal treatment or dental implants.
Additionally, in order to claim general dental, physiotherapy, or optical treatments, Medibank customers have to attend Medibank-specified Members’ Choice providers–which are not available in all areas.
Medibank customers can search for Members’ Choice providers near them by using the ‘Find a provider’ tool online.
Medibank often runs further discounts and sign-up incentives for new members. At the time of writing, Medibank is offering the first six weeks free, with both two and six month waiting periods waived for eligible new policies.
Of all complaints investigated by the Ombudsman across all insurers, 19.7% have been complaints in regards to Medibank.
The Commonwealth Ombudsman explains online that it investigates complaints about actions and decisions of agencies to “see if they are wrong, unjust, unlawful, discriminatory or just plain unfair”.
“The Ombudsman also seeks remedies for those affected by administrative deficiency, and acts to improve public administration generally,” its website reads.
When it comes to health insurance, complaints must be about a health insurance arrangement. Where an insurer’s share of complaints investigated by the Ombudsman is higher than its market share, it indicates that members of that insurer are more likely to complain than those of other similar-sized insurers.
This year, Medicare complaints–whether reported to the Ombudsman or otherwise–have drastically increased due to the Medicare data breach.
Just a mere few weeks after Optus, a major Australian telecommunications company, fell victim to a cyber hack, Medibank became aware of its own. The initial cybersecurity incident occurred on October 12, 2022, when “unusual activity” was detected on Medibank’s internal systems.
The company swiftly released a statement that said there was “no evidence that customer data has been accessed” during the breach; by October 18, 2022, it was made clear that hackers had accessed 200GB of personal customer data.
On October 20, Medibank released an update confirming that the Australian Federal Police is investigating the breach as a cyber crime, with the data leaked including personal identification and documentation data as well as health claims, diagnoses and procedure information.
In exchange for the data, the hackers requested $15 million ransom to be paid by Medicare. On November 5, Medibank informed the cyber criminals that it will not be paying any ransom.
Beginning November 9, the hackers released the private data of Medicare customers on the dark web.
“Given the nature of the stolen data that the criminal continues to release on a dark web forum we are in the process of contacting customers, and we urge our customers to reach out for support,” Medicare stated on November 14.
In the days and weeks following the data breach, Medibank began contacting all of its customers via email or post to inform them of the specific data believed to have been stolen.
Upon receiving the notice, customers will find a reference number that they can enter through a portal on the Medicare website to find out what to do if they have been affected.
If you have not yet been contacted by Medibank, you should still take precautions to protect your data, including changing your passwords and remaining alert for phishing scams via text, phone or email.
Medibank offers icustomer service on Saturdays from 9am-4pm and during the week from 8am-8pm. It also has a livechat function available via its website.
In the days and weeks following Medibank’s cyber attack, many customers expressed disappointment in the health insurer for not contacting them personally after their data was released on the web.
‘Good’ health insurance is largely defined by your own personal health needs. While Medibank does offer comprehensive plans with optional extras for individuals, its recent cyber attack has caused the company to be viewed in a negative light by many customers.
You can contact Medibank health insurance anytime through its livechat function online. Alternatively, for sales and support, the contact number is 1300 576 282.
Your Medibank policy number can be found on the front of your Medibank card. It can also be located online via your member’s portal, or on official documentation received by post or mail from Medicare.
Sophie Venz is an experienced editor and features reporter, and has previously worked in the small business and start-up reporting space. Previously the Associate Editor of SmartCompany site, Sophie has worked closely with finance experts and columnists around Australia and internationally. Sophie grew up on the Gold Coast and now lives in Melbourne.