Medibank's hackers are threatening to release stolen personal health information, and Cyber Security Minister Clare O'Neil says that's a "dog act".
The health insurer on Wednesday revealed it had received messages from the alleged hackers claiming they had removed customer data, less than a week after it was hit by a cyber attack.
The alleged hacker said they have 200Gb of stolen data - including names, addresses, dates of birth and Medicare and phone numbers - along with locations of where customers got medical treatment and, importantly, information about diagnoses and procedures.
Ms O'Neil said the hackers were trying to negotiate with Medibank while holding the information hostage.
"Financial crime is a terrible thing, but ultimately a credit card can be replaced ... The threat being made here, to make the private, personal health information of Australians available to the public, is a dog act," she told reporters.
"The toughest and smartest people in the Australian government are working directly with Medibank to try to ensure this horrendous criminal act does not turn into what could be irreparable harm."
An investigation has been launched, with federal government agencies working alongside Medibank.
The health insurer says affected customers were contacted beginning on Thursday morning, adding that it expects the number of people involved to grow.
Medibank chief executive David Koczkar unreservedly apologised to everyone affected by the incident.
"I know many will be disappointed with Medibank and I acknowledge that disappointment," he said.
"We will learn from this incident and will share our learnings with others ... Medibank will remain open and transparent and will continue to provide comprehensive updates as often as we can and need to."
The government says the Medibank hack, following the recent widespread data breach at telecommunications company Optus, is a wake-up call for business.
Ms O'Neil said agencies were working to stop the data from being released on the internet.
"This is the new world that we live in. We are going to be under relentless cyber attacks essentially from here on in," the minister told ABC Radio on Thursday.
"We need to do a lot better as a country to make sure that we are doing everything we can within organisations to protect customer data and also for citizens to be doing everything they can."
After speaking with the insurer's CEO, Ms O'Neil said it was too early to tell how many customers had been affected by the Medibank hack.
The insurer is now working alongside federal police and the Australian Signals Directorate to manage the breach.
The Australian Securities Exchange-listed Medibank went into a trading halt after it was contacted by the alleged hackers.