The Australian and NSW Governments are responding to a cyber incident involving MediSecure, a former national prescription delivery service provider.
The breach has compromised a database containing personal and health information related to prescriptions distributed up until November 2023.
The national prescription delivery service, eRx, and the National Prescription Delivery service, are not affected by this cyber incident. Consumers can continue to access medicines safely, and healthcare providers can still prescribe and dispense as usual.
The National Office of Cyber Security is collaborating with MediSecure to manage and understand the incident's impacts, ensuring there is no heightened cyber threat to the medical sector.
Preliminary investigations reveal that the compromised data includes both personal information and limited health information of individuals and healthcare providers. The affected parties will be notified once the full extent of the breach is determined.
Services Australia is involved in assessing the data affected and assures that healthcare card identifiers, such as Medicare card numbers, cannot be used to access services fraudulently.
Services Australia advises those who are concerned about healthcare card identifiers (such as your Medicare card number) that card numbers alone cannot be used to access Medicare services, or as part of the Australian Government’s Document Verification Service.
No immediate action is required from the public concerning their medical identification cards.
The National Coordination Mechanism, the Australian Cyber Security Centre, the National Emergency Management Agency, the Australian Federal Police, and the Office of the Australian Information Commissioner, are actively engaged in addressing the breach.
The Australian and NSW Governments and MediSecure are continuing to work together to mitigate the impacts of the breach and keep the public informed.
