Ban looms for data breach ransom payments

It could soon be illegal for companies that fall victim to data breaches to pay ransoms to the hackers.

Home Affairs Minister Clare O'Neil has confirmed the government is examining whether new laws are needed to stop ransom payments in the wake of the Medibank and Optus data breaches.

While short-term successes were needed in cyber security reform following the mass hacks, she said on Sunday, other long-term outcomes were being considered including banning ransom payments.

It follows the government launching a high-tech policing operation targeting the network of hackers behind the Medibank attack, which stole the medical histories and private information of customers.

"The way we're thinking about the reform task ... is a bunch of quick wins, things that we can do fast, and the standing up for the new police operation is one of those," Ms O'Neil told the ABC's Insiders.

"There's some really big policy questions that we're going to need to think about and consult on, and we're going to do that in the context of the cyber security strategy.

"We'll have a look at (making ransom payments illegal)."

Ms O'Neil said Medibank was right not to pay the ransom demanded by the hackers, with those behind the breach threatening to release more data if the amount was not paid.

"I have never seen people that lack a moral code so clearly than the hackers who are releasing data about Australians online," she said.

"The idea we're going to ... trust these people to delete data they have taken off and may have copied a million times is just, frankly, silly ... we don't want to fuel the ransomware business model."

Federal police confirmed on Friday Russian criminals were behind the attack on Australia's largest private health insurer.

A 100 officer-strong, standing cybercrime operation targeting hackers will be led by the AFP and Australian Signals Directorate.

"This is Australia standing up and punching back," Ms O'Neil said.

"We are not going to sit back while our citizens are treated this way and allow there to be no consequences for that.

"We are offensively going to find these people, hunt them down and debilitate them before they can attack our country."

The minister said the response to cyber offences needed to be improved, due to their number.

She said institutions like NAB received 50 million attacks a month and the tax office three million.

"I don't think anyone can promise cyber attacks are going to go away and one of the things people need to understand is really how relentless this is," she said.

Almost 500,000 health claims were stolen along with personal information, as part of the Medibank breach.

The insurer has created a one-stop shop of mental health and other support services affected customers can access via its website.

Nationals leader David Littleproud said he wanted to work closely with the government to speed up passage of legislation to ensure better cyber security measures and larger fines for companies.

"Let's work together and get this right because this is people's private data being shared on the dark web for reasons that shouldn't be put out there," he told the Nine Network.

"There's an opportunity to actually expedite it. We're saying to the government let's see the urgency in this."

Ms O'Neil said there needed to be a mechanism to make sure companies only held data while it was useful and then dispose of it.