Medibank

Medibank Private Limited, better known as simply Medibank, is one of the largest Australian private health insurance providers, covering over 4 million people in 2024. Medibank initially started as an Australian Government not-for-profit insurer in 1976, before becoming for-profit in 2009 under the Rudd Government and privatised by the Abbott government in 2014. Medibank now operates as a publicly-listed company on the Australian Securities Exchange.

History
Medibank began business as an Australian Government-owned private health insurer, established by the Whitlam government in 1975 through the Health Insurance Commission. Medibank was set up to provide competition to private "for-profit" health funds and to put pressure on other health funds to keep premiums at a reasonable level.

In 2006, the Howard Coalition government announced that Medibank would be sold in a public float if it won the 2007 election. However, they were defeated by the Australian Labor Party under Kevin Rudd, which had already pledged that Medibank would remain in government ownership. After 2009, although continuing in government ownership, Medibank operated as a government business enterprise, operating as a fully commercialised business, paying tax and dividends under the same regulatory regime as do other registered private health funds. Before the 2010 election, Liberal leader Tony Abbott made the same pledge to privatise Medibank if it won government, but the party was again defeated by Labor. Again, privatisation was Liberal party policy at the 2013 election, which the Coalition won.

In March 2010, Medibank withdrew benefits for restricted services on its basic First Choice Savers hospital policy. As of June 2010, benefits for procedures such as heart operations and assisted reproductive services will be available only to customers on more comprehensive policies, costing as much as 50% more. Medibank stated that the changes were intended to improve customer understanding of their products. They further stated the impact on customers will be small due to the low rate of use of the restricted services.

In late March 2016, after 14 years as CEO, George Savvides retired earlier than expected. Former NAB chief financial officer Craig Drummond was offered the role and commenced in July 2016. Following Craig Drummond’s retirement, David Koczkar was appointed CEO in May 2021.

"Not for profit" to "for profit" health fund
Medibank was previously run as a not for profit organisation and later operated as a for-profit government business enterprise with dividends paid to the Federal Government. In May 2009, the Rudd government announced that Medibank would become a "for profit" business and would pay tax on its earnings. The process of converting the status of the business was completed on 1 October 2009 following approval from the then regulator, the Private Health Insurance Administration Council (PHIAC), an independent statutory authority which regulated the Australian private health insurance industry until 2014. Private health insurance policy is now developed by the Department of Health.

Medibank privatisation
On 26 March 2014, Abbott government Minister for Finance Mathias Cormann announced that Medibank would be sold through an initial public offering (IPO) in the 2014–2015 financial year.

With the Medibank Private IPO priced at $2.15, the government exceeded the indicative range of $1.55 to $2.00 disclosed in the prospectus. However, it ensured that retail investors only pay $2.00, locking in a minimum 7% gain for them in the short-term. The sale raised $5.7 billion for the government. The sale was completed with 100% of the company sold, listing on the Australian Stock Exchange under the code MPL on 25 November 2014, with 440,000 individual owners with a market capitalisation of A$5.921 billion. Medibank held a 29% share of the private health insurance market.

2022 cyberattack
On 12 October 2022, Medibank CEO David Koczkar reported it had detected "unusual activity consistent with the precursors to a ransomware event" in their network but initially provided reassurance that no sensitive customer data has been accessed. In response to the attack, Medibank took their AHM and international student policy management systems offline and requested a trading halt on the ASX. Medibank later announced that a group of alleged hackers have made contact with the company to "negotiate", claiming to have stolen 200 gigabytes of customer data, while providing a sample of 100 customer policies including: "names, addresses, dates of birth, Medicare numbers, phone numbers, and medical claims data including information about diagnosis, procedures and location of medical services". Other information such as credit card security data have also been claimed to have been stolen, yet this remains unverified.

On 23 October, Medibank announced that it had received a further 1,000 records from the hacker that contained policy records from the Medibank, ahm and international student databases, with Koczkar stating that they are "operating under the assumption that there is a potential that all customers could be impacted". This widened the previous assumption that only ahm and international student customers were affected, with the potential that all 3.9 million customer records were exposed.

In November 2022, the hacker group, allegedly linked with Russian ransomware group REvil, released Medibank customer data on a dark web blog, after the company reportedly refused to pay the US$9.7m ransom,   with reports by 1 December suggesting that the hacker group has released all compromised files remaining in their possession.

Acquisitions and mergers
In January 2009, Medibank acquired the Wollongong-based insurer ahm (Australian Health Management) and merged with the HSA Group in April 2009. Following these transactions, Medibank created the Health Solutions Division, which is focused on delivering occupational health services (such as employment medical examinations and injury treatment) and health coaching programs to help Australians manage health conditions (e.g. diabetes). Services are delivered under the Medibank Health Solutions brands.

In July 2010, Medibank acquired health services provider, McKesson Asia-Pacific, absorbing it into Medibank Health Solutions. The telephone and online health management programs services provided by McKesson Asia-Pacific, including "healthdirect Australia", "Nurse-on-Call", and "Healthline", will be maintained by Medibank.

Industry structure and main competitors
Private health insurance in Australia is heavily regulated to protect consumers. Prudential supervision is undertaken by the Australian Prudential Regulation Authority (APRA) to ensure health funds remain solvent. APRA also publishes extensive statistics on the industry and annual financial statement for individual health funds to provide full transparency for stakeholders. The pricing and features of health insurance products is regulated by the Department of Health.

To inform consumers, the Private Health Insurance Ombudsman operates a website to explain private health insurance and provide a standardised basis to compare health fund products.