Medibank forced to lift capital requirements by $250m after cyber breach

The Australian Prudential Regulation Authority (APRA) is taking a hard stance on cyber security controls following a review of the hack that affected private health insurer Medibank (ASX: MPL) and almost 10 million of its customers last year.

In a move aimed at expediting Medibank's remediation program and to ensure accountability, the regulator will impose an increase in Medibank’s capital adequacy requirement of $250 million - a figure representing close to a quarter of the group's health insurance-related capital of more than $1 billion at the end of 2022.

APRA explains the $250 million increase reflects the weaknesses identified in Medibank’s information security environment.

The hike in this capital risk buffer contrasts with Medibank's expectations announced in February to reduce its target health insurance required capital ratio by one or two percentage points down to 10-12 per cent.

In addition to the $1 billion-plus in health insurance-related capital by the end of 2022, Medibank also had non-fund required capital of $205.6 million and an unallocated capital surplus of $198.1 million.

The new capital adjustment will be in effect from 1 July, applying to Medibank’s operational risk charge under the new Private Health Insurance (PHI) Capital Framework and remaining in place until an agreed remediation program of work is completed by Medibank to APRA’s satisfaction.

https://www.businessnewsaustralia.com/articles/medibank-forced-to-lift-capital-requirements-by--250m-after-cyber-breach.html