In the wake of a data breach that affected 9.7 million consumers, Australia is intensifying its investigation of Medibank and will determine whether any regulatory action is required. It is believed that Russian hackers were responsible for the breach.
The insurance company has promised to disclose the results of an independent investigation into the matter.
"Intensified" Supervision
Based on ZDNET's report, the Australian Prudential Regulation Authority (APRA) said on Monday, Nov. 28, that it had "intensified" its supervision of Medibank in light of the breach, which APRA noted raised concerns about the adequacy of Medibank's operational risk controls.
Deloitte, a consulting company, had been hired to investigate the security flaw and Medibank's responses and procedures.
After the external review results are established, the financial services regulator has agreed to decide whether further regulatory action is required.
Suzanne Smith, a member of APRA, has said that the administration expects Medibank to execute all suggested remedial activities and ensure adequate consequence management, including effects on executive compensation where necessary.
ZDNET reported that if businesses or organizations in the country do not implement the precautions listed in CPS 234, the national standard for information security, the government will oversee them.
Recent cyber breaches underline the need for board vigilance and operational resilience, Smith said.
Medibank CEO David Koczkar said the company had discussed the scope of the external assessment it had hired Deloitte to conduct with APRA.
"We will share the key outcomes and consequences of the review, where appropriate, having regard to the interests of our customers and stakeholders and the ongoing nature of the Australian Federal Police (AFP) investigation," Koczkar stated.
See Also: Medibank Breach Update: Hackers Expose Confidential Mental Health Data, Threaten to Leak More
Hackers' Identities
In an earlier statement this month, police officials blamed Russian-based hackers for the hacking. They stated that covert measures were being developed in conjunction with international networks like Interpol.
AFP commissioner Reece Kershaw said that investigations were focusing on all parties involved and that his team knew who was responsible for the assault but were not disclosing their identities.
They plan to speak to Russian law enforcement about the mentioned people.
AFP is in charge of the Australian branch of Interpol, which has a direct line of communication with its counterpart in Moscow.
Kershaw emphasized that Interpol National Central Bureaus might seek help in cross-border investigations.
Medibank has updated information on the incident that appeared on a dark web forum. A Nov. 20 statement revealed four more files comprising 1,496 data were leaked online, including 123 entries from earlier hacks.
CEO Koczkar stated the firm would not pay any ransom on the advice of cyber crime specialists and the idea that doing so would only have a small probability of preventing the release of client data.
He noted that paying might encourage cybercriminals to extort their consumers, putting more people in danger by making Australia a greater target.
Data Protection
According to ZDNET, the Australian government passed a law to increase financial penalties for data privacy violators.
Maximum fines for serious or repeated breaches will increase to AU$50 million ($32.34 million) from AU$2.22 million ($1.48 million), or three times the value of any benefit obtained through data misuse, or 30% of the firm's adjusted revenue in the relevant period, whichever is higher.
See Also: Optus Data Breach: Sydney Teenager Pleads Guilty to Blackmailing Nearly 100 Individuals
This article is owned by Tech Times
Written by Trisha Kae Andrada
