MediSecure
Update on progress of response to cyber security incident/data breach
MediSecure has been in the process of reviewing the data set exposed on a dark web forum to identify impacted individuals following the recent restoration of the data. We have been working with the Commonwealth Government with a view to those impacted individuals being notified as soon as possible.
In light of recent media reports, MediSecure wishes to clarify that it sought funding from the Commonwealth Government for the limited and confined purpose of assisting with the costs associated with responding to the incident, and the request was not for funding MediSecure’s operational costs unrelated to the cyber-attack. In any event, that request was denied.
MediSecure has to date continued to work closely with the National Cyber Security Coordinator, the Australian Federal Police, the Australian Signals Directorate, and the Office of the Australian Information Commissioner in a manner consistent with Australia’s national security interests and the community’s expectations.
We have also been working with cyber and forensic experts from McGrathNicol Advisory in collaboration with the National Cyber Security Coordinator, to endeavour as quickly as possible to confirm the extent of the data breach and all individuals impacted. We are grateful for their support, without which we would be unable to make progress with respect to the incident response.
We appreciate this process has taken time, and MediSecure has continued to make every effort to assist the Government in responding to this cyber-attack.
31 May 2024
Further update on cyber security incident/data breach
MediSecure is aware that a data set containing the personal information and limited health information of our customers has been made available on a dark web forum. We urge Australians to not go looking for this data. Accessing stolen sensitive or personal information on the dark web only promotes future cyber criminal activities against Australian businesses.
While MediSecure is urgently working towards notifying the impacted individuals, we wish to reiterate and reassure the Australian community that this cyber security incident does not impact any ongoing access to medication.
We encourage anyone concerned about their information to visit the OAIC website for data breach support and resources [link]. For further information about this cyber security incident please refer to the dedicated Home Affairs webpage [link].
24 May 2024
Update on cyber security incident/data breach
MediSecure continues to work closely with the National Cyber Security Coordinator and relevant Government departments, agencies and regulators in relation to this cyber security incident and we appreciate the ongoing support and assistance.
MediSecure is not a current participant in Australia’s digital health network. As such, this cyber security incident does not impact the prescribing and dispensing of medication.
The cyber security incident relates to data held by MediSecure’s systems up until November 2023.
We can confirm the cyber security incident impacts personal information and limited health information relating to prescriptions. Additionally, this cyber security incident also impacts the personal information of healthcare providers.
MediSecure understands this will be concerning to our customers, and we are working very hard to communicate with impacted individuals as soon as possible. We appreciate your continued patience, and we will provide further updates to the community when available.
You may also refer to the webpage https://www.homeaffairs.gov.au/about-us/our-portfolios/cyber-security/cyber-coordinator/medisecure-cyber-security-incident for more detailed information relating to this incident.
18 May 2024
Cyber security incident/data breach
MediSecure has identified a cyber security incident impacting the personal and health information of individuals. We have taken immediate steps to mitigate any potential impact on our systems.
While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors.
MediSecure takes its legal and ethical obligations seriously and appreciate this information will be of concern. MediSecure is actively assisting the the National Cyber Security Coordinator to manage the impacts of the incident. MediSecure has also notified the Office of the Australian Information Commissioner and other key regulators.
MediSecure understands the importance of transparency and will provide further updates via our website as soon as more information becomes available. We appreciate your patience and understanding during this time.
16 May 2024