Albanese says MediSecure hack 'very significant' and warns it 'won't be the last'

With almost half of Australia's population impacted, the MediSecure cyber attack is one of the biggest data breaches in the nation's history.

A man wearing a suit, tie and glasses listens as someone speaks.

Prime Minister Anthony Albanese said cyber attacks can be issues of national security. Source: AAP / Jono Searle

Key Points
  • MediSecure has revealed how many Australians were affected by a cyber attack earlier this year.
  • The national prescription delivery service provider went into voluntary administration in June.
  • An investigation has found that 6.5 terabytes of data was exposed in the data breach.
Hackers stole personal data including the health information of nearly 13 million Australians earlier this year, making it one of the nation's biggest cyber attacks.

Electronic prescriptions provider MediSecure on Thursday revealed 12.9 million customers had their data stolen, an unknown amount of which has been uploaded to the dark web.

Prime Minister Anthony Albanese labelled the hack a "very significant cyber event" and confirmed the Australian Federal Police investigation into the attack continued.

"It is not the first and it won’t be the last," Albanese told reporters on Friday. "It is something that we are very conscious of as a government and we are working with the private sector, as well as with our agencies, because these issues can be an issue of national security but they can be an issue as well of the privacy of individuals."

Albanese said Australians should not respond to unsolicited contact referencing the MediSecure data breach as it would likely be a scam.
Hacker using a laptop. A computer screen with lots of numbers on it can be seen as a blur in the background.
The Melbourne-based eScript provider MediSecure confirmed in May that it was the victim of a cyber attack. Source: Getty / Seksan Mongkhonkhamsao
MediSecure, a Melbourne-based eScript provider, first became aware of the breach on 13 April when suspected ransomware was discovered on a server containing the sensitive personal and health data, then publicly confirmed the attack in May.

MediSecure said Australians who used the company's prescription delivery service from March 2019 to November 2023 were impacted, their data stolen by a malicious third-party actor.

What personal data was stolen?

Among the 6.5 terabytes of data stolen are names, dates of birth, addresses, phone numbers, Medicare numbers, prescription information and the reasons for the medication.

A sample of personal information has been exposed on the dark web but the company said it was unable to identify specific individuals impacted due to the complexity of the data and the cost of doing so.

The federal government was not aware of publication of the full data set, National Cyber Security Coordinator Lieutenant General Michelle McGuinness said on X, formerly Twitter.

"No one should go looking for or access stolen sensitive or personal information from the dark web," Lt Gen McGuinness said on Thursday.
"This activity only feeds the business model of cyber criminals and can be a criminal offence."

People who go searching for their information on the dark web risk committing cybercrime if they deal with stolen personal information and can attract a five-year jail term.

"I understand many Australians will be concerned about the scale of this breach. I encourage everyone, whether impacted in this incident or not, to be alert to being targeted in scams," Lt Gen McGuiness said.

Has there been any impact on the national electronic prescription service eRx?

MediSecure was one of two electronic prescription delivery services until late 2023, with the Australian government awarding the service exclusively to eRx Script Exchange.

The company appointed liquidators and went into administration in June, and is not part of Australia's digital health network.

National prescription delivery service eRx is not affected by this cyber incident, the government confirmed.

"Consumers can continue to access medicines safely, and healthcare providers can still prescribe and dispense as usual," it said.
Impacting almost half of the population, the MediSecure breach makes it one of the largest cyber attacks in Australia.

An attack on Optus in September 2022 affected 10 million users and another in October at Medibank impacted about 9.7 million people.

Those impacted by the cyber hack may see an increase in phishing, identity-related crime and cyber scam activities.

The national cyber security coordinator urged them to keep a lookout lookout for scams referencing the MediSecure data breach, and do not respond to unsolicited contact that references the company's data breach.

Share
4 min read
Published 19 July 2024 6:41am
Updated 19 July 2024 11:16am
Source: AAP, SBS



Share this with family and friends