Medibank won’t reveal the findings of an external review into a high-profile cyber attack due to security fears.
The private information of about 10 million Medibank customers was released onto the dark web following a cyber hack in October 2022.
Consultancy firm Deloitte was recruited by the health insurance giant to investigate the incident and make recommendations about potential improvements to Medibank’s IT processes and systems.
In a statement to the Australian Securities Exchange (ASX) on April 28, Medibank said it had received the review findings and it planned to implement all recommendations.
The company did not outline details of the recommendations.
A spokeswoman for Medibank told AAP the review would not be made public as it contained confidential and sensitive information about cyber security measures.
“We don’t think it’s in the interests of our customers or the broader Australian community to publicly release their findings given the security risks this would pose, not only to Medibank but other Australian businesses,” the Medibank spokeswoman said.
Data stolen by the hackers included names, phone numbers, Medicare numbers and sensitive health information.
Medibank chairman Mike Wilkins said the company was focused on making sure customers had the security they expected and deserved.
“The board will continue to oversee the completion of steps to implement the recommendations to enhance systems and processes even further,” Wilkins said.
Medibank shareholders and customers launched separate class actions following the hack.