In a statement on Tuesday, the Australian Prudential and Regulation Authority (APRA) declared it slammed Medibank with a huge increase of $250 million in its capital adequacy requirements.
The requirement will take effect from July 1. The latest sanctions came in response to the bank’s security structure.
In October 14, 2022, Medibank announced that it was a victim of cyberattacks. Although Medibank failed to acknowledge the intrusion, it found that it may have data of 9.7 million past and present customers.
Requirements for Risk Management
APRA said that the capital adjustment was to cover the bank’s operational risks. It is also a mandate under the new Private Health Insurance Capital Framework.
Furthermore, the adjustment stays until an agreed remediation program of work is achieved by Medibank to APRA’s satisfaction. APRA will further execute a targeted technology review of Medibank with a distinct focus on governance and risk culture, the statement added.
The regulatory body said while Medibank had dealt with specific control shortcomings which led to the breach, it would further heighten its security environment and data management.
APRA member Suzanne Smith says, In taking this action, APRA strives to guarantee that Medibank expedites its remediation program.
This measure illustrates how earnestly APRA takes entities’ obligations regarding cyber risk, In effect, APRA will react stoutly to pinpoint flaws in cyber-security controls.
Medibank Responds Favorably
As previously noted, APRA urges Medibank to guarantee there is suited accountability and consequence management, including consequences for executive remuneration where necessary.
In response, Medibank stated in a note sent to the ASX that it had adequate capital to meet the increase.
It disclosed that after the application of this requirement, the corporation would remain well capitalized with unallocated capital remaining at 30 June 2022 levels: $148 million.
Moreover, given this, the company guarantees it will not decrease its target health insurance required capital ratio.
Medibank chief executive David Koczkar reportedly stated that Safeguarding customer data is a commitment Medibank takes very seriously.
Medibank will continue to reinforce our systems and processes to equip our customers with the security they expect and deserve. We will persist to enhance our systems and processes even further,” he said.
