MediSecure has been forced to shut down its online presence and customer service lines following a severe ransomware attack. The Melbourne-based company publicized the incident via its website, revealing that sensitive personal and health data of its clients might have been compromised.
“We have taken immediate steps to mitigate any potential impact on our systems,” the statement read. “MediSecure takes its legal and ethical obligations seriously and appreciate this information will be of concern.”
The cybersecurity breach prompted a whole-of-government response by Michelle McGuinness, Australia’s national cyber security coordinator. According to McGuinness, multiple government agencies like the Australian Signals Directorate and the Australian Federal Police are currently involved in investigating and responding to the incident.
McGuinness shared on social media platform X: “I have been briefed on this incident in recent days and the government convened a National Coordination Mechanism regarding this matter today.”
It has been suggested that the breach originated from a third-party vendor associated with MediSecure, but specific details were not been disclosed.
Since its inception in 2009, MediSecure has been integral to the electronic distribution of prescriptions among health professionals in Australia.
The breach at MediSecure echoes a similar incident in 2022 when Medibank, another major health entity, suffered a cyberattack affecting nearly 9.7 million customers. That attack was linked to a notorious ransomware group believed to be operating out of Russia.
The rising tide of cyber threats against Australian businesses and infrastructure was highlighted in the Australian Signals Directorate’s latest cyber threat update. The report noted nearly 94,000 cybercrime reports over the past year, marking a 23% increase from the previous year. The document also pointed to China’s significant role in the cyberattacks targeting Australia’s critical sectors.
In light of these escalating threats, the Australian government unveiled a comprehensive cyber security strategy last November, committing $565 million over seven years to enhance incident reporting and defences against such attacks.