Key Points
- Medibank has refused to reveal findings of a review into a major cyber attack.
- The cyber attack breached the private information of about 10 million customers.
- The private health insurer said it plans to implement all review recommendations.
Medibank won't reveal the findings of an external review into a due to security fears.
The private information of about 10 million customers was released onto the dark web following a cyber hack in October 2022.
Consultancy firm Deloitte was recruited by the health insurance giant to investigate the incident and make recommendations about potential improvements to Medibank's IT processes and systems.
In a statement to the ASX on Friday, Medibank said it had received the review findings and it planned to implement all recommendations. The company did not outline details of the recommendations.
A spokeswoman for the company told AAP the review would not be made public as it contained confidential and sensitive information about cyber security measures.
"We don't think it's in the interests of our customers or the broader Australian community to publicly release their findings given the security risks this would pose, not only to Medibank but other Australian businesses," she said.
Data stolen by the hackers included names, phone numbers, Medicare numbers and sensitive health information.
Medibank chairman Mike Wilkins said the company was focused on making sure customers had the security they expected and deserved.
"The board will continue to oversee the completion of steps to implement the recommendations to enhance systems and processes even further," he said.
Medibank shareholders and customers launched separate class actions following the hack.
