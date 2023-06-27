Medibank faces fresh tech review in ongoing hack fallout

By on
Medibank faces fresh tech review in ongoing hack fallout

Must also hold more capital while addressing infosec “weaknesses”.

Medibank will undergo a "targeted technology review" by financial regulator APRA and must also hold more capital while it remediates weak controls that contributed to last year's hack and data breach.

The Australian Prudential Regulatory Authority (APRA) said it had decided to impose a $250 million increase in the insurer’s capital adequacy requirement, following a review of the cyber incident.

Forcing additional capital to be held is a common short-term penalty, often imposed in the wake of an incident or string of incidents.

APRA said the increase would "remain in place until an agreed remediation program of work is completed by Medibank to APRA’s satisfaction" with respect to its information security controls.

While the specific vulnerability that led to last year’s data breach has been addressed, APRA said, the insurer “still has further work to do across a number of areas to further strengthen its security environment and data management.”

The authority also wants Medibank to expedite its remediation program. 

In addition, APRA said it will separately "conduct a targeted technology review of Medibank, with a particular focus on governance and risk culture".

The timeline for this additional review is not clear.

Medibank said in a financial filing that it “has sufficient capital to meet this adjustment”.

“Medibank will continue to provide its full support and work collaboratively with APRA, including on the remediation program,” the insurer said.

The data breach affected a total 9.7 million customers, and in February, Medibank revealed it had expected the direct costs of the breach to reach $40 million.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
apramedibanksecurity

Sponsored Whitepapers

Responding To Industry Trends And Our 5m+ Users
Responding To Industry Trends And Our 5m+ Users
The Future of Digital Identity in Government
The Future of Digital Identity in Government
Secure Public Services for Every Australian
Secure Public Services for Every Australian
7&#189; Questions for Aged Care's Digital Decisions
7½ Questions for Aged Care's Digital Decisions
Creating the Sustainable IT Department
Creating the Sustainable IT Department

Most Read Articles

Medibank's staff details stolen after property manager faces cyber breach

Medibank's staff details stolen after property manager faces cyber breach
Fire Rescue Victoria still hampered by December 2022 cyber attack

Fire Rescue Victoria still hampered by December 2022 cyber attack
Australia appoints first cyber security coordinator

Australia appoints first cyber security coordinator
Apple rushes out patches for exploited zero day bugs

Apple rushes out patches for exploited zero day bugs

Digital Nation

How eBay uses interaction analytics to improve CX
How eBay uses interaction analytics to improve CX
COVER STORY: The opportunities and risks of cybersecurity insurance in Australia
COVER STORY: The opportunities and risks of cybersecurity insurance in Australia
Health tech startup Kismet raises $4m in pre-seed funding
Health tech startup Kismet raises $4m in pre-seed funding
More than half of loyalty members concerned about their data
More than half of loyalty members concerned about their data
DeepAI founder on the risks of artificial intelligence
DeepAI founder on the risks of artificial intelligence

Log In

  |  Forgot your password?