By Rachael Ward in Melbourne
MEDIBANK won’t reveal the findings of an external review into a high-profile cyber attack due to security fears.
The private information of about 10 million Medibank customers was released onto the dark web following a cyber hack in October 2022.
Consultancy firm Deloitte was recruited by the health insurance giant to investigate the incident and make recommendations about potential improvements to Medibank’s IT processes and systems.
In a statement to the ASX on Friday, Medibank said it had received the review findings and it planned to implement all recommendations. The company did not outline details of the recommendations.
A spokeswoman for the company told AAP the review would not be made public as it contained confidential and sensitive information about cyber security measures.
“We don’t think it’s in the interests of our customers or the broader Australian community to publicly release their findings given the security risks this would pose, not only to Medibank but other Australian businesses,” she said.
Data stolen by the hackers included names, phone numbers, Medicare numbers and sensitive health information.
Medibank chairman Mike Wilkins said the company was focused on making sure customers had the security they expected and deserved.
“The board will continue to oversee the completion of steps to implement the recommendations to enhance systems and processes even further,” he said.
Medibank shareholders and customers launched separate class actions following the hack.
Who can be trusted?
In a world of spin and confusion, there’s never been a more important time to support independent journalism in Canberra.
If you trust our work online and want to enforce the power of independent voices, I invite you to make a small contribution.
Every dollar of support is invested back into our journalism to help keep citynews.com.au strong and free.
Thank you,
Ian Meikle, editor
Leave a Reply