Coalition attempts to revive ransomware laws after Medibank hack ‘wake-up call’
The Medibank hack has sparked calls for tougher penalties for criminals involved in the cyber extortion of Australians.
The Medibank hack should be a “wake-up call” for corporate Australia, opposition cyber security spokesman James Paterson has said.
Australia’s largest health insurer said on Monday it would not pay any ransom demand over the data breach revealed last month, which compromised the personal information of nearly 10 million people.
The hacker had threatened to sell the stolen data and release health records of 1000 high-profile customers unless Medibank paid a ransom.
Senator Paterson said it was up to businesses to make the “difficult” decision of whether to pay ransom demands.
“It is often the case that companies do pay ransoms and it is often the case that it is not successful when they do in achieving their objectives,” he told Sky News on Monday.
“And that’s why the consistent position of the Australian government and our cyber security agencies over many years is not to pay.”
Senator Paterson said companies that adopted the policy of not paying ransoms had an added responsibility to protect their customers’ data “in the first place”.
Home Affairs Minister Clare O’Neil said the private health insurer’s decision was consistent with Australian government advice.
“Cyber criminals cheat, lie and steal. Paying them only fuels the ransomware business model. They commit to undertaking actions in return for payment, but so often re-victimise companies and individuals,” she said.
“I want Australia to be the most cyber-safe country in the world. The payment of ransoms directly undermines that goal.”
Medibank has commissioned an external review into the incident after revealing that almost 500,000 health claims had been accessed, as well as the names, dates of birth, addresses and phone numbers of 9.7 million current and former customers.
Opposition home affairs spokeswoman Karen Andrews has attempted to revive a Coalition-era Bill that would introduce new offences for hackers using ransomware.
The legislation would impose 10-year maximum prison sentences for cyber extortion and 25-year maximum prison sentences for cyber attacks on critical infrastructure.
The Bill has not been revived by Labor after it won the federal election in May.
Ms Andrews told parliament on Monday the laws would deter criminals and form an “important part of safeguarding Australia” against cyber attacks.
She said the Albanese government’s response to the Medibank hack and recent Optus data breach had been “lacklustre”.
“The silence from the government has been deafening on these breaches,” she said.
But Ms O’Neil put the blame on the previous government.
“I have announced that our government has begun work on a new cyber strategy for the nation,” she said.
“Unlike the last government, we see and recognise the urgent need to address the conditions that have allowed the two largest cyber attacks in our history to occur within the space of two months.”
Labor last month introduced legislation to parliament that would increase fines for companies that failed to protect Australians’ personal data from about $2m to at least $50m.
Attorney-General Mark Dreyfus had flagged he would seek to rush through changes to the Privacy Act given the massive scale of the recent data breaches at Optus and Medibank.
Under the amendments, companies involved in serious or repeated privacy breaches would face penalties of hundreds of millions of dollars.
Businesses would be fined whichever was higher: $50m, three times the cost of damage caused by the misuse of information, or 30 per cent of a company’s adjusted turnover in the relevant period.
A review of the Privacy Act by the Attorney-General’s Department is expected to be completed by the end of the year and result in recommendations for further reforms to protect people’s personal information.