MediSecure, an Australian electronic prescriptions provider, was the target of a recent cyber attack. This data breach potentially exposed the personal and health information of many customers, including healthcare provider information and prescription information. The impacted data is connected to prescriptions distributed until November 2023. 

According to the Australian Department of Home Affairs, approximately 12.9 million individuals were affected.

Dr. Martin J. Kraemer, Security Awareness Advocate at KnowBe4, comments, “This is a remarkable incident. Firstly, half of the Australian population now has sensitive data out there, including name and contact information as well as prescriptions and information on their medical history. This data set is a treasure trove for cybercriminals who want to launch targeted attacks at people, tricking them into behavior based on their health concerns. Rightly so, the Australian authorities warn about online scams, provide online advice and have even opened a mental health hotline.

“A national crisis committee has come together to coordinate a response to the incident. As one of formerly two online e-script providers, MediSecure was an integral part of the country's infrastructure. The incident must be a wake-up call for others. Healthcare is the most targeted sector across the globe. It is part of the critical infrastructure. It holds highly sensitive and valuable information. It often has sub-par cybersecurity, especially when it comes to governance and risk management — healthcare operations have IT systems and organizations that have organically grown over the years. The incident must fuel regulatory and legislative efforts to secure critical infrastructure and its supply chain. The most likely way of entry at MediSecure was a supplier.”