Data breach hits digital prescription provider MediSecure
E-script provider MediSecure says it is investigating a major data breach. Photos: Getty
Electronic prescription provider MediSecure has revealed it is at the centre of the latest “large-scale ransomware data breach” to hit an Australian business.
The Melbourne-based company confirmed on Thursday it was the subject of the investigation launched by National Cyber Security Co-ordinator Lieutenant-General Michelle McGuinness.
“MediSecure has identified a cyber security incident impacting the personal and health information of individuals. We have taken immediate steps to mitigate any potential impact on our systems,” the company said in a statement on its website.
“While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors.”
MediSecure said it was assisting McGuinness and the Australian Digital Health Agency to work through the impacts of the incident.
It had also notified the Office of the Australian Information Commissioner and other key regulators.
“MediSecure understands the importance of transparency and will provide further updates via our website as soon as more information becomes available. We appreciate your patience and understanding during this time,” it said.
Further details of the exact extent of the data breach were not revealed.
The statement was the only content on MediSecure’s website on Thursday.
The statement on the MediSecure website.
The company’s software allows patients to receive e-scripts, or digital scripts, from their doctors – raising the possibility personal medication information has been leaked online.
Earlier, McGuinness revealed the “large-scale ransomware data breach” of a commercial health information, though she did not name the company.
“I am working with agencies across the Australian government, states and territories to co-ordinate a whole-of-government response to this incident,” she said.
McGuinness said the Australian Cyber Security Centre was aware of the incident and Australian Federal Police were investigating.
“We are in the very preliminary stages of our response and there is limited detail to share at this stage,” she said.
“I will continue to provide updates as we progress while working closely with the affected commercial organisation to address the impacts caused by the incident.”
Cyber Security Minister Clare O’Neil said she had been briefed on the incident.
“Michelle McGuinness is leading work across the Australian government to support the company in managing this large-scale ransomware incident,” she said.
“Updates will be provided in due course. Speculation at this stage risks undermining significant work under way to support the company’s response.”
The government convened a National Co-ordination Mechanism on the breach on Thursday.
In September 2022, Optus suffered a massive data breach that affected 10 million Australians and resulted in the driver’s licences, Medicare and passport numbers of 10,000 customers being stolen and leaked online.
It prompted the Albanese government to introduce tough penalties for companies that failed to protect the sensitive information of their customers.