Australian government warns of 'large-scale ransomware data breach'

The Australian government warned on Thursday of a “large-scale ransomware data breach” affecting healthcare data in the country.

The incident, also disclosed by prescription company MediSecure on its homepage, is said to have impacted “the personal and health information of individuals.”

MediSecure said “early indicators suggest the incident originated from one of our third-party vendors” and that it recognized the breach would be of concern for the company’s customers.

“MediSecure understands the importance of transparency and will provide further updates via our website as soon as more information becomes available. We appreciate your patience and understanding during this time,” the website stated.

The incident recalls an October 2022 ransomware attack on Medibank, one of the country’s largest health insurance providers, that led to the scandalous publication of sensitive healthcare data.

As part of the Medibank criminals’ extortion attempt, sensitive healthcare claims data for around 480,000 individuals — including information about drug addiction treatments and abortions — was published on the dark web.

The move, alongside several other high-profile breaches, set off a range of cybersecurity reforms in Australia. These included an updated national cybersecurity strategy that ultimately fell short of the government’s initial intentions to ban ransomware payments in their entirety.

Following the Medibank incident, Australia, the United Kingdom and the United States imposed sanctions and travel bans on a Russian hacker, Aleksandr Ermakov, whom they accused of being involved in the extortion attempt.

Australia’s national cybersecurity coordinator — an office established in the wake of the Medibank incident — said the government was aware of the MediSecure incident, and that the Australian federal police were investigating it.

“We are in the very preliminary stages of our response and there is limited detail to share at this stage, but I will continue to provide updates as we progress while working closely with the affected commercial organisation to address the impacts caused by the incident,” wrote the coordinator, Michelle McGuinness, on social media.

Clare O’Neil, Australia’s minister for cybersecurity, said she had been briefed on the incident. “Updates will be provided in due course,” she wrote on social media. “Speculation at this stage risks undermining significant work underway to support the company’s response.”