The company blames a third-party vendor for the incident and is working with authorities to investigate further.

Here's a breakdown of the situation:

• Data potentially compromised: Personal and health information related to prescriptions.
• Scope: Unclear at this stage, but the breach likely occurred before November 2023 as MediSecure is no longer used for new prescriptions.
• Cause: MediSecure believes a third-party vendor is responsible.
• Government involvement: The Australian Digital Health Agency, National Cyber Security Coordinator, Office of the Australian Information Commissioner, and other regulators are notified.
• Investigation: The Australian Cyber Security Centre and Australian Federal Police are investigating.
• Impact on prescriptions: General practices can still access older scripts on MediSecure servers but cannot create new ones or modify existing ones. The National Prescription Delivery Service (eRx) is the current system for e-scripts.

The national cyber security coordinator Lieutenant General Michelle McGuinness described the breach as "a large-scale ransomware data breach incident” on May 15. Healthcare institutions hold a treasure trove of sensitive data and this information is highly valuable to cybercriminals. The Australian Cyber Security Centre (ACSC) urges all healthcare institutions to take immediate action to strengthen their cybersecurity posture.

To Stay Informed:

• Monitor the ACSC website https://www.cyber.gov.au/ for the latest cyber threats and guidance.
• Subscribe to the ACSC's Malicious Actors Advisory Group (MAAG) alerts for sector-specific cyber threats.