The Medibank Private Ltd (ASX: MPL) share price is in the green this afternoon after the company's annual general meeting (AGM).
As might have been expected, a major cyberattack suffered by the company was a huge topic of conversation at the event. Medibank CEO David Koczkar reiterated that not paying a ransom demanded by the hacker was "the right thing to do".
Such comments followed reports the cybercriminals were holding off from publishing more stolen information in the prospect of "something meaningful" happening today.
Right now, the Medibank share price is 0.18% higher at $2.815. Though, that's around 20% lower than it was prior to the attack – some brokers now believe the stock oversold, my colleague Tristan reports.
Comparatively, the S&P/ASX 200 Index (ASX: XJO) is down 0.36% today. The stock is also outperforming its home sector – the S&P/ASX 200 Financial Index (ASX: XFJ) has fallen 1.37% on Wednesday.
Let's take a closer look at the latest from the embattled health insurer.
Medibank share price lifts following AGM
The Medibank share price is gaining this afternoon. Its lift comes after the company's leaders doubled down on the decision not to pay a ransom for stolen data. Chair Mike Wilkins told today's meeting:
Based on extensive advice from cybercrime experts, we formed the view that there was a limited chance paying a ransom would ensure the return of our customers' data and prevent it from being published.
In fact, the advice we have had is that to pay a ransom could have had the opposite effect and encouraged the criminal to directly extort our customers, and put more people in harm's way by making Australia a bigger target.
Koczkar came in with more gusto. He called the attack "a watershed moment" and a reminder of "the new frontier in cybercrime":
We are steadfast in our resolve to NOT reward this criminal behaviour, nor to strengthen a business model that is based on extortion.
While we unreservedly apologise for the impact of the release of the data, we cannot as a community, pay criminals who are likely to continue to extort us all – particularly when there is no guarantee that the criminal would ever delete the data. As I've said before, you cannot trust a criminal.
On top of an ongoing investigation by the Federal Police and Australian Cyber Security Centre, Medibank has commissioned Deloitte to conduct an external review.
The company will begin informing the 480,000 customers whose data was recently verified as having been stolen today. It will also be contacting those whose health data is published on the dark web within 48 hours of the hackers posting it.
What else went down at the Medibank AGM?
The company's leaders also reiterated its financial year 2022 earnings, the withdrawal of its policy growth guidance, and the estimated $25 million to $35 million cost of the attack.
Koczkar also said, as of 12 November, Medibank's resident policyholder numbers had grown by around 14,500 since the end of June.
Additionally, it's seen around 14% customer growth in its non-resident business since the end of June 2022. That leaves the number of customers in its non-resident portfolio at pre-pandemic levels.
Koczkar continued:
The rising cost of living has presented a challenge for many households and yet a record number of Australians continue to take out private health insurance, putting their health and wellbeing first.
Consumers no longer see health spending as discretionary and are actually spending more on their health than before the pandemic.
Finally, shareholders passed all resolutions put forward today.
Peter Everingham and Kathryn Fagg stood for election to the company's board. Meanwhile, Linda Bardo Nicholls and David Fagan sought re-election.
Shareholders also voted on the company's remuneration report and certain amendments to its constitution. Most of the amendments related to developments in the law, ASX listing rules, and corporate governance practices.