Current prescriptions have not been caught up in the MediSecure cyberattack, the national cyber security coordinator has said, but it has yet to be revealed how many people have had their personal information exposed.
The Australian federal police are investigating after the electronic prescriptions provider MediSecure reported being the victim of a large-scale ransomware data breach to national cyber security coordinator on Wednesday.
MediSecure has said the breach likely originated from a third-party vendor, but did not reveal its extent.
On Friday, the national cyber security coordinator, Lt Gen Michelle McGuinness, said the government was still “working to build a picture of the size and nature of the data that has been impacted by this data breach impacting MediSecure”.
“This discovery work often takes time and I understand Australians are anxious about the possibility of their personal information being affected,” she said.
“I want to assure everyone that we are working as fast as we can to complete our assessment and when we have further information to share about what has been impacted, we will share this with you – along with what affected people may need to do to protect themselves.”
MediSecure is one of two electronic prescriptions providers in Australia that has historically been responsible for the issue of millions of electronic prescriptions and was used extensively after the Covid-19 pandemic began in 2020. The health department said in January that since May 2020, over 189m electronic prescriptions have been issued.
Last year, the health department shifted to a single provider – eRx supplied by Fred IT Group – in a nearly $100m, four-year agreement – and as part of that agreement, healthcare providers and pharmacies moved from MediSecure to eRx. MediSecure still provides prescription services to private providers.
McGuinness said no current prescriptions were believed to have been compromised.
“From the information that is currently available to the government, no current ePrescriptions have been impacted or accessed,” she said. “The Department of Health has confirmed there has been no impact to the ePrescription services currently in use.”
McGuinness said MediSecure had advised that the compromise had been isolated. She said the agency was examining whether identity documents were compromised but Services Australia and the states and territories were working with the coordinator.
“We have not seen evidence so far to suggest that anyone needs to replace their Medicare card. If our investigation turns up any evidence to suggest Australians’ identities are at risk and they need to replace their documents, we will let them know.”
Key healthcare sector bodies including the Australian Medical Association, the Pharmacy Guild of Australia and major private hospital providers were also being briefed on the matter on Friday.
“These organisations and their members will play a key role in our response in the coming days and weeks,” she said.
Sophos’s state of ransomware report for 2024 found that of the 330 Australian cybersecurity or IT leaders surveyed in the report, 54% of Australian businesses reported being hit by a ransomware attack, down from 70% in 2023 and 80% in 2022. But the cybersecurity firm reported that the average ransom payment had increased by 297% from last year, up to a reported average payment of $9m.