Medibank, which hit the headlines in Australia last year after experiencing a major cyberattack, has released the results of its cyber incident review.
Deloitte conducted an external incident review into Medibank's cyber incident and advised Medibank to enhance its IT processes and systems. It also made additional recommendations, with others already implemented.
Medibank is still working on implementing all recommendations, along with other enhancements, according to the update. It will also continue to review its cyber security governance solutions, it confirmed.
Medibank chair Mike Wilkins said the company will ensure that it blocked the cyberattack path and enhance its systems and processes to provide customers with better security.
“Medibank has completed a range of enhancements to meet this expectation, and the board will continue to oversee the completion of steps to implement the recommendations to enhance systems and processes even further,” Wilkins said. “From the beginning of this cybercrime, Medibank has continued to prioritise and support the needs and health of our customers and to ensure the earliest possible resumption of normal business operations.”
Last year, Medibank confirmed that it was hit by a cyberattack, resulting in stolen data. Early this year, the insurer revealed that the data leak might have extended to one of its brands, ahm.
Since the cyber incident, Medibank has been facing class-action lawsuits, the most recent one being handled by the US-based law firm Quinn Emmanuel Urquhart & Sullivan, which alleged that the insurer breached disclosure obligations by failing to reveal information relevant to alleged deficiencies in its cyber security systems.