How the MediSecure hack affects you
Nearly one in two Australians were affected by the attack on the prescription service provider, but the full impact is not yet known.
What you can do
Be on the lookout for scams that refer to or use information from this data breach.
Scams may come in the form of emails or messages telling people they have been caught up in the hack and need to take certain steps or need to click on certain links. Don’t do that.
Other scams old involve unsolicited messages or calls from someone posing as a medical or financial provider seeking payment. Hang up on these calls and, if necessary, contact the company the caller claimed to be representing on a phone number that you have sourced yourself.
Report suspected scams to the National Anti-Scam Centre using the Scamwatch website.
Also, be aware of phishing emails and texts. These scams attempt to solicit information by pretending to be from a person or organisation you trust. They often involve trying to get you to click on a link.
You can get support from the Office of the Australian Information Commissioner and use IDMatch get guidance on how to keep your identity information safe.
One of the biggest cyber breaches in Australian history has compromised the personal details of nearly 13 million people who used the MediSecure prescription service.
The hack occurred between March 2019 and November 2023, but its effects are ongoing.
MediSecure, which facilitated electronic prescriptions and dispensing, confirmed it was the victim of a ransomware attack.
The company went into voluntary administration in June after the Federal Government declined to provide it with a financial bailout and has not disclosed how many Australians were affected and has not contacted people individually.
MediSecure was one of only two eScript providers in Australia until late last year, when competitor eRx took over the government contract to supply the entire market.
The stolen data included full names, phone numbers, dates of birth, home addresses, Medicare numbers, and Medicare card expiry dates, as well as some sensitive health information, such as which medications people were prescribed, dosages, the reason for their prescription, and instructions for taking the medication.
Credit card details were not exposed in the breach.
National Cyber Security Coordinator, Lieutenant General Michelle McGuinness, has emphasised that current eScript services are not affected, and people should keep accessing their medications and filling their prescriptions.
Services Australia and the Department of Veterans’ Affairs have advised that card numbers alone cannot be used as proof of identity or to access your accounts and that Pensioner Concession, Healthcare Concession, and Commonwealth Seniors cards do not need to be replaced.
However, consumer advocate CHOICE says breaches like this can increase the risk of scams and identity theft. When information is leaked onto the “dark web” – a part of the internet only accessible by special software and often used by criminals to exchange information – scammers can piece together data from several sources. This allows them to build a profile of a person and make them more vulnerable to scams.
With the Optus and Medibank breaches in 2022 and the hacking of financial services company Latitude last year, affecting 14 million people, authorities believe most Australians have been exposed in some way, and some several times over.
CHOICE says continuing data breaches risk eroding trust in the digital world and highlight the need for better privacy protection.
“Better privacy protections and less cybersecurity incidents will help to increase trust in digital systems, so that people can go about their everyday tasks like banking and grocery shopping without worrying about security,” Kate Bower, CHOICE’s consumer data advocate said.
“The Privacy Act has been around since the late 1980s; it’s clearly not fit for purpose for our modern digital age, and this is just yet another example, and a quite potentially harmful one, of why the need for privacy reform is urgent.”
CHOICE’s latest Consumer Pulse survey found that only one in eight Australians trust that companies are using the data they collect responsibly.
