Australia Investigates Data Breach at National Electronic Prescriptions Provider; Health Data Potentially Compromised

The Australian government is investigating a large-scale ransomware attack involving MediSecure, a Melbourne-based electronic prescriptions provider.

According to the health department, MediSecure’s e-script service has issued over 189 million electronic prescriptions since May 2020.

“MediSecure has identified a cyber security incident impacting the personal and health information of individuals. We have taken immediate steps to mitigate any potential impact on our systems,” a MediSecure public statement reads. “While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors.”

While the company has yet to reveal the number of impacted patients, Lieutenant General Michelle McGuinness, Australia’s cyber security coordinator, says the attack was an “isolated incident” and “no other entities are impacted.”

McGuinness also told local news outlets that there is currently no indication that any information potentially stolen in the breach has been published online. However, she warned that cybercriminals are likely to target the health industry again.

"We have not seen evidence so far to suggest that anyone needs to replace their Medicare card," McGuiness explained. "If our investigation turns up any evidence to suggest Australians' identities are at risk and they need to replace their documents, we will let them know."

What are the potential risks?

While the investigation has yet to provide details about the type of potentially stolen data, cybercriminals could have gotten away with both personally identifiable information (PII) and personal health information (PHI) from patients.

Threat actors go to great lengths to get their hands on PHI and other sensitive data that enables them to defraud victims.

Until police and other government agencies complete their investigation, users should remain vigilant and considering upgrading their security posture by using a security solution and maintaining good digital practices.

Not sure what to do in the aftermath of a data breach?

Use Bitdefender Digital Identity Protection, our dedicated identity protection service packs handy features that enable you to find out in real time if and when your personal information has been leaked online. Alongside 24/7 data breach alerts, you also benefit from the industry's first Identity Protection Score, which helps you understand the extent of the breach and how it can impact your livelihood.