Advertising


News

Nearly 13 million Australians impacted by MediSecure data breach


Michelle Wisbey


18/07/2024 7:26:11 PM

The breach is one of the largest cyber attacks in the nation’s history, after the personal health information was stolen earlier this year.

Hacker sitting at computer.
MediSecure went into voluntary administration in June.

MediSecure has confirmed hackers stole the data of 12.9 million Australians, in one of the largest breaches in the country’s history.
 
The company has confirmed the data of Australians who used the MediSecure prescription delivery service up until November 2023 was stolen in May by a malicious third-party actor.

The data breach was already known, but its scale remained a mystery until late on Thursday.
 
‘MediSecure would like to reiterate it is not a current participant in Australia’s digital health network,’ it said in a statement.
 
‘At the time of the Incident, MediSecure did not have any connections to the prescribing and dispensing of medications.
 
‘Australians can continue to access medicines safely, and healthcare providers can still prescribe and dispense as usual through the national prescription delivery service, eRx.’
 
GPs have been assured there is no impact to the current national prescription delivery service, and that patients can continue to access medications and fill prescriptions.
 
Earlier on Thursday, the RACGP was called into an urgent meeting with the Office of Cyber Security.
 
RACGP President Dr Nicole Higgins said they were given ‘very little information’ in the meeting and would be later updated.
 
She also reiterated that GPs can assure their patients that the current systems are secure.
 
‘This reinforces that this is an opportunity for practices to review their own cyber security and to reassure patients that the current systems for prescriptions are safe and secure,’ Dr Higgins told newsGP.
 
‘It’s not current and people can use e-scripts with confidence.’
 
The service fell victim to the attack in May, when it revealed the contact and health information was stolen.
 
The incident remains under investigation by the Australian Federal Police.
 
National Cyber Security Coordinator Lieutenant General Michelle McGuinness said at this time, the Federal Government is not aware of publication of the full data set.
 
‘I understand many Australians will be concerned about the scale of this breach,’ she said.
 
‘No one should go looking for or access stolen sensitive or personal information from the dark web.’
 
In a document prepared for healthcare professionals the National Office of Cyber Security confirmed both paper and electronic prescriptions continue to operate as normal.
 
‘People can continue to access medicines, doctors can still prescribe, and pharmacists can still dispense as usual,’ it said
 
‘People should keep accessing their medications and filling their prescriptions.’
 
Services Australia has advised that individuals do not need to take any action related to their Pensioner Concession, Healthcare Concession, and Commonwealth Seniors cards.
 
MediSecure went into voluntary administration in June following the breach, and up until late 2023, it was one of two prescription delivery services operating nationally.
 
The RACGP has several resources to help practices navigate data breaches.
 
Specific information for GPs on the data breach and answers to further questions is available online.
 
Log in below to join the conversation.



cyber security data breach MediSecure


newsGP weekly poll How often do you feel pressure from patients to prescribe antibiotics that are not clinically necessary?
 
26%
 
37%
 
20%
 
15%
Related




newsGP weekly poll How often do you feel pressure from patients to prescribe antibiotics that are not clinically necessary?

Advertising

Advertising


Login to comment

Dr Peter James Strickland   19/07/2024 5:54:52 PM

The big question here is how are these organisations hacked in the first place, and why haven't they got secure systems that are upgraded by their so-called security experts? It is the same question that should answered by Telstra etc on how millions of people get fraudulent phone calls on changing telephone numbers issued by those tech companies? In other words, anyone who has NOT got a legitimate phone number paying Telstra etc should be blocked instantly, and the Australian Signals Directorate informed to do the same, eg all 0011 numbers I receive frequently!