Medibank: APRA suggests executive’s pay could be docked over cyber crime breach

Medibank executives should have their pay docked over their recent cyber breach, the financial services watchdog has warned.

In a statement the Australian Prudential Regulation Authority said they had “intensified” their supervision of Medibank in the wake of last month’s cyber attack, in which suspected Russian-based hackers stole 9.7 million current and former customer records.

On Monday, APRA said the breach had “raised concerns about the strength of its (Medibank’s) operational risk control.”

APRA member Suzanne Smith went further, saying that the regulator “expects Medibank to undertake any recommended remediation actions and ensure there is appropriate consequence management, including impacts on executive remuneration when appropriate.”

Ms Smith said the cyber attacks, which have so far seen medical information relating to HIV, abortions, drug and alcohol abuse and mental illness released onto the dark web, were a salient reminder for boards to focus on their operational resilience.

“They are a stark reminder for boards to ensure they can answer these fundamental questions – do you know what data you are holding? Do you know where it is? How do you know it is safe?” she said.

Earlier this month, it was announced Deloitte would conduct an external review of Medibank.

“While APRA notes Medibank’s constructive response to date, APRA will consider whether further regulatory action is needed when findings of the report become clearer,” Ms Smith said.

The comments come as Medibank chief executive David Koczkar received $3.76 million and a $1.64 million pay increase at Medibank’s annual general meeting earlier this month, according to reports.

The health insurer has been praised for its decision not to pay hackers $15 million ransom demand.

Earlier this month, Australian Federal Police Commissioner Reece Kershaw said authorities believed a “group of a loosely affiliated cyber criminals” based in Russia were responsible for the attack.

“We believe we know which individuals are responsible, but I will not be naming them,” the Commissioner said, adding that the AFP would be holding talks with Russian law enforcement.

Originally published as APRA suggests pay could be docked for Medibank executives

Read original article here

Denial of responsibility! Toys Matrix is an automatic aggregator around the global media. All the content are available free on Internet. We have just arranged it in one platform for educational purpose only. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials on our website, please contact us by email – admin@ toysmatrix.com . The content will be deleted within 24 hours.

Leave a comment
My title Page contents