The company has released more information about last week’s large-scale breach, confirming patients and professionals are affected.
Last week’s large-scale cyberattack on MediSecure has compromised personal information and “limited health information” relating to prescriptions, as well as the personal information of healthcare providers.
This applies to data held by MediSecure’s systems up until November 2023, the company said in a statement.
It also confirmed MediSecure was not a “current participant in Australia’s digital health network” and that the data breach had not impacted the prescribing and dispensing of medication.
In a statement released over the weekend on its website, which remains shut down save for a home page, the company said it was working closely with the National Cyber Security Coordinator and relevant government departments, agencies and regulators in relation to the data breach.
“The cyber security incident relates to data held by MediSecure’s systems up until November 2023,” the company said.
“We can confirm the cyber security incident impacts personal information and limited health information relating to prescriptions. Additionally, this cyber security incident also impacts the personal information of healthcare providers.
“MediSecure understands this will be concerning to our customers, and we are working very hard to communicate with impacted individuals as soon as possible. We appreciate your continued patience, and we will provide further updates to the community when available.”
The federal Department of Home Affairs has set up a dedicated webpage for the MediSecure data breach.
The department has reassured Australians that the current e-script service has been unaffected by the breach.
“Until late 2023, MediSecure was one of two prescription delivery services operating nationally,” it said in a statement on the web page.
“In May 2023 the Australian Government finalised a tender for this service, awarded exclusively to another company, Fred IT Group’s eRx Script Exchange (eRx).
“The national prescription delivery service, eRx, is not affected by this cyber incident. Consumers can continue to access medicines safely, and healthcare providers can still prescribe and dispense as usual.”
The department confirmed that a MediSecure database containing the personal and limited health information of individuals relating to prescriptions, as well as healthcare provider information has been affected by the “cyber security incident”.
“Additionally, digital systems supporting the Pharmaceutical Benefits Scheme, Medicare, Real Time Prescription Monitoring and My Health Record have not been impacted by this cyber security incident,” it said.
“The impact of this incident is isolated to MediSecure’s systems only. There is no evidence to suggest there is an increased cyber threat to the medical sector.”
Services Australia has advised that individuals do not need to take any action related to their Medicare, pensioner concession, healthcare concession, and Commonwealth seniors cards. The agency “is examining other potential impacts to individuals’ identity security associated with breached card numbers”.
In a statement published on social media, national cyber security coordinator Lieutenant General Michelle McGuinness CSC reassured Australians that paper and electronic prescriptions continued to operate as normal – even those issued before November 2023.
“On the incident itself, it is important to remember that the response is still in preliminary stages and information is still being obtained,” she said.
“We remain focused on protecting Australians and further updates will continue to be provided as the response progresses.”
