Cyber Security Minister Clare O'Neil says the worst fears for Medibank customers have been realised, following the latest data dump of stolen customer information.
In a chilling message posted on the dark web, the ransomware group behind the hack released sensitive details of customers' medical procedures.
The group has also demanded $US1 for each of Medibank's 9.7 million customers.
Ms O'Neil told parliament she was appalled by the latest developments in the data breach.
"Yesterday, I indicated to the parliament that the consequences of the Medibank hack were likely to get worse, and today those fears have been realised," she said on Thursday.
"We stand with you. You are entitled to keep your health information private and what has occurred here is morally reprehensible and it is criminal."
Ms O'Neil said she had spoken with Medibank chief executive David Koczkar twice on Thursday to "make clear" community expectations.
She said she wanted to make sure affected customers would be able to access enough support.
"I don't want Australians to have to circulate 14 government departments or areas of Medibank in order to get what they deserve and need," she said.
"I received the assurance from Medibank today that if a large data dump occurs, they are fully ready to provide services when and if they are needed to Australians who need them."
The ransomware group began releasing Medibank data on the dark web in the early hours of Wednesday morning under files named "good-list" and "naughty-list".
The first wave included names, birthdates, addresses, email addresses, phone numbers, health claims information, Medicare numbers for Medibank's ahm customers and passport numbers for international student clients.
Mr Koczjar said the release of the data was disgraceful.
"The weaponisation of people's private information in an effort to extort payment is malicious, and it is an attack on the most vulnerable members of our community," he said in a statement.
"These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care."
Australian Federal Police are ramping up efforts to catch those behind the huge data breach and are co-ordinating with state and territory police to support people at risk of identity fraud.
Operation Guardian, which was set up to tackle the recent Optus hack, is being expanded to investigate the Medibank data theft.
"If members of the community feel they are at imminent risk they should contact triple zero immediately," AFP Assistant Commissioner Cyber Command Justine Gough said.
Medibank has confirmed details of almost 500,000 health claims have been stolen, along with personal information, after the unnamed group hacked into its system weeks ago.
No credit card or banking details were accessed.
Australian Associated Press
Sign up for our newsletter to stay up to date.