Australian Medical Data Breach, 16 May 2024

E-script provider MediSecure is the health organisation at the centre of the large-scale ransomware data breach

Early indicators suggest the incident originated from one of our third-party vendors.

Company Statement: Update on cyber security incident/data breach
Source: Australian government investigating ‘large-scale ransomware’ data breach of script provider MediSecure | ABC News (Australia)

View more incidents relating to the Health and Medical sector and Privacy Breaches.

MediSecure is the health organisation at the centre of the large-scale ransomware data breach announced by the national cyber security coordinator on Thursday.

MediSecure’s website has been pulled, and the company has posted a statement saying it has identified a cyber security incident impacting “the personal and health information of individuals”.

General practices and pharmacies now run e-scripts through eRx. This meant any general practices would no longer be able to create new eScripts, cancel or delete scripts previously generated in MediSecure, although they could still access older scripts on MediSecure servers.

MediSecure said at the time it would remain in the market providing private prescriptions. It’s unclear what data has been compromised and over what time period.

Earlier, national cyber security coordinator Michelle McGuinness was unable to share what company had been affected.

??Cyber security chief believes large-scale MediSecure data breach is an isolated incident??
I understand the context that it was only the MediSecure systems, but messaging is well off. – SK
National Cyber Security Coordinator Lt Gen Michelle McGuinness says initial investigations suggest MediSecure ransomware attack is an isolated incident.