Earlier in May 2024, millions of Australians had their data stolen in the MediSecure hack, placing it among the largest cyber breaches in Australian history.
MediSecure, which facilitates electronic prescriptions and dispensing, confirmed in May it was the victim of a ransomware attack, although the theft itself took place earlier, and continued until November 2023.
Medisecure was one of only two eScript providers in Australia until late last year, when competitor eRx took over the government contract to supply the entire market.
Medisecure had not previously disclosed how many Australians were affected and has not contacted people individually. Threat actors gained access to the personal and health information of an undisclosed number of individuals.
The stolen data includes the reason prescription, full name, title, date of birth, gender, email address, address, phone number, individual healthcare identifier (IHI), Medicare card number, including individual identifier, and expiry, Pensioner Concession card number and expiry, Commonwealth Seniors card number and expiry, Healthcare Concession card number and expiry, Department of Veterans’ Affairs (DVA) card number and expiry, prescription medication, including name of drug, strength, quantity and repeats; and reason for prescription and instructions.
MediSecure investigated the security breach with the help of the National Cyber Security Coordinator. It also notified the Office of the Australian Information Commissioner and other relevant authorities.
Australian home affairs recommendation below
Services Australia advises that customers should consider using the more secure methods to sign into their myGov account, such as:
- Passkeys that are a simple, fast way to sign in to your myGov account – a more secure sign in option than using a password.
- using a connected Digital ID, which can also prove who you are when you use online services.
- using a strong and unique passphrase, and multi-factor authentication, such as getting a code sent by SMS.
