Source: Medibank
The Market Online - At The Bell

Join our daily newsletter At The Bell to receive exclusive market insights

The Australian Prudential and Regulation Authority (APRA) announced today that it has taken action against Medibank Private (MPL) following a review of its major cyber incident in October 2022.

The nation’s financial safety regulator reported that it would impose an increase in Medibank’s capital adequacy requirement by $250 million.

Capital adequacy is a key measure used to determine the minimum amount of capital that financial institutions, such as banks and insurance companies, must maintain. It is important to ensure financial stability and the ability to absorb potential losses to protect depositors, policyholders, and the overall financial system.

APRA is responsible for ensuring that our financial system is stable, competitive and efficient.

The regulator highlighted weaknesses in Medibank’s information security environment and has enforced the capital adjustment from July 1.

APRA member Suzanne Smith said the October 2022 cyber incident was one of the most significant data breaches ever experienced in Australia.

“In taking this action, APRA seeks to ensure that Medibank expedites its remediation program,” she said. 

“This action demonstrates how seriously APRA takes entities’ obligations in relation to cyber risk and that APRA will respond strongly to identified weaknesses in cyber security controls.”

While Medibank announced that it already addressed specific control weaknesses, the regulator stressed that further work is required to strengthen its security environment and data management. 

“As noted previously, APRA expects Medibank to ensure there is appropriate accountability and consequence management, including impacts to executive remuneration where appropriate,” Ms Smith said.

The capital adjustment will be applied to Medibank’s operational risk charge under the new Private Health Insurance (PHI) Capital Framework. It will remain in place until an agreed remediation program of work is completed by Medibank to APRA’s satisfaction.

APRA will also conduct a targeted technology review of Medibank, with a particular focus on governance and risk culture.

Medibank also released a statement today claiming it holds sufficient existing capital to meet this adjustment.

MPL CEO David Koczkar expressed that safeguarding customer data was a responsibility it takes “very” seriously.

“Medibank has continued to strengthen our systems and processes to provide our customers with the security they expect and deserve,” he said.

“We will continue to work to enhance our systems and processes even further.

“We continue to support our customers through the Medibank Cyber Response Support Program, which includes mental health and wellbeing support, identity protection and financial hardship measures.”

Since APRA launched the 2020-2024 Cyber Security Strategy, it has repeatedly stressed the importance of an uplift in cybersecurity and continued vigilance to identify and address cyber exposures.

However, it reported that not all entities were getting the message, as the regulator continues to identify poor cybersecurity practices and inadequate oversight from boards and company management across Australia.

MPL by the numbers
More From The Market Online
The Market Online Video

ASX Market Close: Bourse finishes week on a high as Wisetech pummeled | November 22, 2024

The ASX200 closed up 0.85% at 8,393 points. Economists increasingly expect interest rates in Australia won’t…
The Market Online Video

HotCopper Highlights: Your most watched stocks for Week 47, 2024

In this segment we’ll look at the top stocks HotCopper users have been watching, and discussing,…
Nuclear explosion mushroom cloud concept

Week 47 Wrap: HotCopper users’ most watched; Brent lifts on Putin’s scary letter; RFK dents CSL

Welcome to the end of another week. Let's start with what HotCopper users have been watching…
Dale Gillham's photo, and wording 'Words from Wealth Within's Chief Analyst Dale Gillham.

Dale Gillham’s weekly wrap: Sigma-Chemist Warehouse merger creates pharma powerhouse

The $8.8 billion dollar merger between Sigma Healthcare and Chemist Warehouse is poised to reshape the Australian pharmacy landscape, consolidating power in th…