The recommendations from a review of the cyberattack that exposed the private information of millions of Australians last year have been accepted by M edibank, but the bank won’t specify what they are.
The major health insurance company stated in a statement on Friday that it has received the results of a Deloitte probe into the intrusion.
The statement added, “Deloitte has made recommendations to improve Medibank’s IT systems and processes.”
“A number of the recommendations have already been put into practise, and Medibank plans to do the same with the ones that haven’t, along with any additional improvements that it had already planned.
“Medibank will also keep reviewing its cyber security governance arrangements,” the company said, “recognising the rise in cybercrime and the need to keep up with customer expectations.”
A spokeswoman for the corporation said that due to security reasons, neither the review’s conclusions nor the review itself will be made public.
The spokeswoman said: “The Deloitte incident review includes confidential and sensitive information about the cybersecurity measures that Medibank has in place to safeguard customers and other data from malicious cyberattacks.”
“Given the security threats this would present, not only to Medibank but other Australian businesses, we don’t think it’s in the interests of our consumers or the broader Australian community to publicly share their results.
“We will continue to share lessons learned from the cybercrime with other Australian businesses, where we can.”
Up to 9.7 million current and former customers of the health insurer had their personal information leaked online in an October cyberattack.
The data stolen included anything from client names and dates of birth to medical information.
Medibank hired Deloitte to carry out its investigation into the hack in November.
Two class action lawsuits have been filed against the health insurer as a result of the cyberattack, one on behalf of present and past clients and the other on behalf of the business’s stockholders.
It stated that it would defend both lawsuits’ proceedings.
