Medibank has confirmed that it has received the findings of a review conducted by Deloitte into last year's cybercrime event.
The event led to the theft and subsequent publication of confidential patient information.
Medibank said Deloitte has recommended enhancing the company's IT processes and systems.
It said several recommendations have already been implemented and that it intends to implement all recommendations not already undertaken, along with other previously planned enhancements.
Medibank, which said it continues to review its cyber security governance arrangements, confirmed that last year's cybercrime event remains the subject of a criminal investigation.
“This cybercrime was a deliberate and malicious attack. Our focus has been to ensure that we closed down the attack path and enhance our systems and processes to provide our customers with the security they expect and deserve," said Medibank Chair Mike Wilkins.
“Medibank has completed a range of enhancements to meet this expectation and the Board will continue to oversee the completion of steps to implement the recommendations to enhance systems and processes even further.
“From the beginning of this cybercrime, Medibank has continued to prioritise and support the needs and health of our customers and to ensure the earliest possible resumption of normal business operations.”