Information securityand privacy

At HCF, the health and safety of our members is our highest priority and we take the responsibility of protecting your personal information very seriously. We remain focused on ensuring the confidentiality, security and integrity of your information, as well as our systems, with robust 24/7 monitoring, threat detection and intelligence measures in place. Learn more about what we’re doing to protect your information.

IMPORTANT SECURITY UPGRADES TO YOUR MEMBERSHIP ACCOUNT

The safety of your personal information is our highest priority. That’s why we’ve introduced mandatory multi-factor authentication to secure your log in to the My Membership app and online member services.

When logging in to your membership account, you’ll now be sent a unique, one-time code by text or email, which you’ll need to enter every time you log in.

This new security feature is one of the simplest, most effective ways to help prevent unauthorised access to your personal information.

Read our frequently asked questions

HOW TO USE MULTI-FACTOR AUTHENTICATION 

STEP 1

ENTER MEMBERSHIP NUMBER AND PASSWORD

Then click sign in.

STEP 2

CLICK
'SEND CODE'

Your code will be sent by
text or email.

STEP 3

ENTER UNIQUE,
ONE-TIME CODE

Your code will last for 5 minutes.

STEP 4

CLICK
'SUBMIT'

You’ll need to repeat these steps every time
you log in.

Protecting your information

Safeguarding your personal information against potential cyber security threats is our priority. We continuously invest in comprehensive cyber capabilities to protect your information. We monitor our systems for unusual activity around the clock and regularly conduct robust security testing. We have implemented governance processes and controls to manage cyber risks to ensure the protection and security of personal information you share with us.

Visit the Australian Cyber Security Centre for news and alerts, and information on how to stay secure online. 

Privacy at HCF

We’re committed to protecting your privacy and managing your personal information in accordance with the HCF Privacy Policy, as well as our obligations under relevant state legislation dealing with privacy and health records.

The HCF Privacy Policy includes information on:

  • the nature of the personal information we may collect
  • how we collect and use your personal information
  • who we disclose your personal information to
  • what happens if you don’t provide this information or don’t want us to use or disclose the information
  • storage and security of your personal information
  • your privacy rights
  • contacts if you have a concern or query in relation to privacy.
The HCF Privacy Policy

Digital Health Check

Practising good digital habits is important to help you stay safe online and protect your financial and identity security.

You can follow these steps to check your digital health:

  • set strong and unique passwords (or passphrases) on all devices and online accounts and use multi-factor authentication where available
  • turn on automatic software updates to ensure your devices are covered by the latest security protection
  • install antivirus software where possible and back up devices
  • only download apps from app stores you know and trust, such as Apple’s App Store or Google Play for Android, and turn on automatic app updates for the latest security protection
  • think about the information you share online and if it could be easily used to crack passwords or steal your identity
  • never click on suspicious or unknown links in emails, SMS or social media messages
  • limit the amount of personal information you share on social media or consider changing your setting to a private account.

Remember, HCF will never contact you and ask for your password or personal information (without verifying your identity first). If you’ve noticed any suspicious activity or communications from HCF, please report it immediately to our Fraud Response Team:

Phone: 1800 727 721

Email: fraudresponseteam@hcf.com.au

If you're concerned about the potential misuse of your personal information, you can contact IDCARE, Australia’s national identity and cybersecurity community support service. IDCARE provides free and anonymous support, as well as information and resources on how to protect your personal information. Phone 1300 432 273 or visit the IDCARE Learning Centre.

You can also refer to Scamwatch for more news,alerts and help about scams. 

Fraud Awareness

Health insurance fraud is wide-ranging and can include identity fraud, when someone uses your personal details without your permission to gain a financial benefit. We monitor member accounts continuously for unusual activity to protect you and your personal information.

To help protect yourself and HCF against fraud:

  • never leave your HCF membership card with anyone, even a provider
  • always check the details on your receipt and your claims history
  • use a strong password to log in to online member services and update it regularly 
  • be aware of phishing and spoofing scams
  • know that we’ll never ask for your password or personal information (without verifying your identity first)
  • report any suspicious behaviour or irregularities. 

 

Fraud protection at HCF

HCF APP AND ONLINE MEMBER SERVICES SECURITY UPGRADE FAQS

What’s changed to the log in experience for the My Membership app and online member services?

To help keep your personal information and data safe, we’ve introduced mandatory multi-factor authentication when logging in to the My Membership app and online member services. This means you’ll now need to add a unique one-time code that will be sent to you by text or email every time you log in to your membership account.

What is multi-factor authentication?

Multi-factor authentication is a security measure that requires you to confirm your identity each time you log in with a unique one-time code that is sent to you by text or email when logging in to the My Membership app or online member services.

Why is it important?

Many organisations have adopted multi-factor authentication, an essential protection measure in today’s cyber security and safety landscape. Multi-factor authentication makes it harder for cyber criminals to access your personal information by adding another layer of verification to the log in experience.

Why has HCF made these changes?

Multi-factor authentication is common across many financial services and telecommunication providers, helping to protect sensitive customer information and data and reduce unauthorised access to their systems and networks. The introduction of mandatory multi-factor authentication to the My Membership app and online member services is another way we’re continually improving security measures to help protect you and your family from cyber-attacks and fraud.

When will this happen?

Multi-factor authentication is being rolled out across the My Membership app and online member services at some point between 20 February and 31 March 2023. So, the next time you log in to your membership account, you’ll likely be asked to enter a unique, one-time code that will be sent to you by text or email.

Do I need to do anything, or is the update automatic?

The upgrade to the log in experience is automatic. Once you’ve logged in and checked your contact details are correct, there is no further action you need to take. To make sure you can successfully log in after 20 February, please confirm your details are correct via the My Membership app or online member services or get in touch with our dedicated support team by calling 13 13 34.

Why has multi-factor authentication been mandated, and do I have to use it every time I log in?

We take the protection of your personal information seriously and want to make sure it’s always safe and secure. To help prevent unauthorised access to your account and add another layer of security to your HCF membership, we’ve added mandatory multi-factor authentication to our online log in experience.

This means, you'll now need to add a unique, one-time code every time you log in to the My Membership app and online member services. This code will be active for 5 minutes before expiring. If your code expires before you use it, you’ll be prompted to request another code on the log in screen.

What if my email or mobile number is wrong?

We have a dedicated team in place to support and guide members through the implementation of multi-factor authentication. If the email or mobile number listed in your membership account is incorrect and not updated by 20 February, you’ll be temporarily locked out of the My Membership app and online member services. To update your details and make sure you can access your account, contact our team by calling 13 13 34 or by visiting a branch.

Can anyone on my cover update and use multi-factor authentication?

Currently only the policyholder can register to have an online account linked to their cover, so you’ll need to make sure their email and mobile number are up to date.

I don’t have a smartphone or mobile phone – can I still use multi-factor authentication?

Yes, you can still use multi-factor authentication if you don’t have a smartphone or mobile device. If you don’t have a mobile device, it’s important to make sure the email linked to your membership is correct, as this is where we’ll send your unique one-time code. If the email is incorrect, get in touch with our team by calling 13 13 34 or by visiting a branch.

Where will the code be sent if both my email and mobile are linked to my account?

Mobile is the automatic preference setting used for multi-factor authentication, meaning you’ll receive your unique, one-time code by text.

How do I turn on multi-factor authentication?

There is no action required from you. To make sure your personal information is always secure, mandatory multi-factor authentication is being automatically turned on for your membership account at some point between 20 February and 31 March 2023. This means, you’ll need to enter a unique, one-time code every time you log in to the My Membership app and online member services.

Can I opt out of multi-factor authentication?

No. Multi-factor authentication is a mandatory security measure we've added to our log in experience to help keep your personal information safe.

I’ve entered my password incorrectly and am now locked out, what can I do?

If you’ve locked yourself out of your account after too many failed password attempts, you’ll be able to retry again in 5 minutes. Once your account has reactivated, you’ll be prompted to enter a new unique, one-time code that will be sent to by text or email following re-setting or entering the correct password.

How long does it take for the code to come through by text or email?

The code should arrive instantly, though there are many factors that might impact how long it takes to receive your code, like where you’re located, your mobile or service provider and your signal strength.

How many times do I need to enter the code?

You’ll be required to enter a new unique, one-time code every time you log in to the My Membership app and online member services.

Can I still use biometrics to log in to My Membership account?

Yes, you can still use biometrics to log in to your membership account. Once your biometrics have been accepted, you’ll be prompted to enter a unique, one-time code.

Who do I reach out to for support?

If you need help logging in to your account or want more information about multi-factor authentication, get in touch with our team by calling 13 13 34 or visiting our Contact Us page.

For More Information

Contact Us

Contact our team if you have any questions about your personal information or our information security measures

HCF Privacy Policy

We’re committed to protecting your privacy and handle your personal information in accordance with the HCF Privacy Policy

Code of Conduct

Learn about the Private Health Insurance Code of Conduct and our commitment to industry best practice

Your Questions Answered

Questions about your membership? Visit our FAQs to get answers to commonly asked questions