Australia's largest health insurer Medibank has been subjected to increased scrutiny by the Australian Prudential Regulation Authority after the widespread data breach impacting 9.7 million customers, which was attributed by the Australian Federal Police to Russian hackers, according to ZDNET.
Finalization of the external review led by Deloitte would determine the need for more regulatory action, noted ARPA.
"APRA expects Medibank to undertake any recommended remediation actions and ensure there is appropriate consequence management, including impacts to executive remuneration where appropriate," said ARPA member Suzanne Smith.
Medibank has been consulting with ARPA regarding the external review's scope, noted Medibank CEO David Koczkar.
"We will share the key outcomes and consequences of the review, where appropriate, having regard to the interests of our customers and stakeholders and the ongoing nature of the Australian Federal Police (AFP) investigation," Koczkar added.
Meanwhile, AFP Commissioner Reece Kershaw said that talks with Russian law enforcement regarding the intrusion are being planned.