Electronic prescription provider MediSecure has fallen victim to a cyber security incident potentially putting the health data of an unknown number of people at risk.
In a May 16, 2024, social media posting, the Australian National Security Coordinator stated, “Yesterday afternoon I was advised by a commercial health information organisation that it was the victim of a large-scale ransomware data breach incident. I am working with agencies across the Australian Government, states and territories to coordinate a whole-of-government response to this incident. The Australian Cyber Security Centre is aware of the incident and the Australian Federal Police is investigating.”
“We have taken immediate steps to mitigate any potential impact on our systems,” MediSecure said in a statement released overnight. “While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors.”
“MediSecure takes its legal and ethical obligations seriously and appreciate this information will be of concern. MediSecure is actively assisting the the National Cyber Security Coordinator to manage the impacts of the incident.”
MediSecure has notified the Office of the Australian Information Commissioner and other key regulators and will provide further updates as soon as more information becomes available.