Australia ups scrutiny of Medibank following the recent data breach
- The Australian Prudential Regulation Authority (APRA) has announced that it has increased the supervision of private health insurer Medibank.
- This news comes soon after a serious cyberattack on Medibank in which the personal information of around 9.7 million customers in Australia was stolen.
- Upon initial inspection, it appears that Russian hackers orchestrated the cyberattack on Medibank.
Following a cyberattack that resulted in the theft of the personal information of 9.7 million Australian clients, the Australian Prudential Regulation Authority (APRA) has tightened its oversight of private health insurer Medibank (ASX: MPL).
The incident is part of a growing pattern of cyberattacks on Australian businesses, including the Australian Clinical Labs-owned Medlab Pathology, where 223,000 patients’ and employees’ credit card information was compromised around a month ago.
Medibank has said it will conduct a thorough external review of the breach and share the outcome. According to the company, the attack was carried out by Russian hackers.
Weak Medibank security or a well-designed cyberattack?
APRA said that, soon after the data breach, several concerns arose about the quality of Medibank’s operational risk controls. As a result, the regulator has tightened its supervision of Medibank. In addition, consulting firm Deloitte was brought in to evaluate the security incident and to assess whether Medibank’s response was effective.
The financial services regulator stated it would determine whether additional regulatory action was required after the results of the external review were revealed.
Suzanne Smith, an APRA member, said the regulator expects Medibank to implement any proposed corrective actions and to ensure that there is adequate consequence management, including effects on executive remuneration where necessary.
APRA to tighten screws on Australian firms as cyber-attacks increase
The government agency additionally stated that it would step up its oversight of all organisations that did not adhere to CPS 234, the nation’s Information Security Prudential Standard, which sets out the measures companies must take to protect themselves from cybersecurity incidents.
Smith further added that the recent attacks on Australian organisations are exactly why ongoing focus and vigilance by boards on operational resilience is essential. These incidents serve as constant reminders for APRA to ensure that boards have the answers to a few fundamental questions: “Do you know the nature of data being stored? How safe is the data? Is there a need to retain it?”
Earlier this month, the police said that Russia-based hackers were behind the intrusion and that they were collaborating on “covert measures” with their global networks, including Interpol.
Continue reading iTMunch for the latest news around cybersecurity, information technology, gaming, and more.