Australian regulator flags Medibank for cyber incident

Medibank will face an AU$250m ($168m) increase in its capital adequacy requirement.

Australian Prudential and Regulation Authority (APRA) has penalised Medibank due to a cyber incident in October 2022. 

As a result, Medibank will face an AU$250m ($168m) increase in its capital adequacy requirement, highlighting deficiencies in its information security.

Starting from July 1, 2023, Medibank will experience a capital adjustment in its operational risk charge as per the new PHI Capital Framework. 

This adjustment will remain in effect until Medibank successfully completes a remediation program approved by APRA.

ALSO READ: Australia's insurance council hails A$400m in extreme weather protection

Additionally, APRA will conduct a targeted technology review of Medibank, with a specific focus on governance and risk culture.

APRA acknowledges that Medibank has taken steps to address the control weaknesses that allowed unauthorised access to its systems. 

However, there are still areas where Medibank needs to enhance its security environment and data management.

(AU$1.00 = $0.67)