cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

BREAKING: NCSC warns of ‘large-scale ransomware data breach incident’; MediSecure the victim

Australia’s National Cyber Security Coordinator (NCSC) has said it is working on a “whole-of-government response” ransomware attack on e-prescription firm MediSecure.

user icon David Hollingworth
Thu, 16 May 2024
BREAKING: NCSC warns of ‘large-scale ransomware data breach incident’ at Australian healthcare org
expand image

The national cyber security coordinator, Lieutenant General Michelle McGuinness, has released a statement warning of a major ransomware attack and data breach involving an unnamed Australian healthcare provider – however, hours later, e-prescription firm MediSecure came forward with a statement saying it was the victim.

“Yesterday afternoon, I was advised by a commercial health information organisation that it was the victim of a large-scale ransomware data breach incident,” LTGEN McGuinness said in a statement on LinkedIn.

“I am working with agencies across the Australian government, states and territories to coordinate a whole-of-government response to this incident.”


According to LTGEN McGuinness, the Australian Signals Directorate’s Australian Cyber Security Centre, as well as the Australian Federal Police, are investigating the incident.

“We are in the very preliminary stages of our response, and there is limited detail to share at this stage, but I will continue to provide updates as we progress while working closely with the affected commercial organisation to address the impacts caused by the incident,” LTGEN McGuinness said.

Neither the AFP nor ACSC has any further information on their respective sites, and so far, no known threat actor has claimed responsibility for the hack. If it is a ransomware attack, however, the threat actor will likely post something on the darknet shortly.

Minister for Cyber Security Clare O’Neil also released a statement shortly afterwards.

“I have been briefed on this incident in recent days, and the government convened a National Coordination Mechanism regarding this matter today,” Minister O’Neil said in a LinkedIn post.

“The national cyber coordinator, Michelle McGuinness, is leading work across the Australian government to support the company in managing this large-scale ransomware incident.

“Updates will be provided in due course. Speculation at this stage risks undermining significant work underway to support the company’s response.”

Minister O’Neil, too, declined to name the provider, but later in the day, electronic prescription provider MediSecure revealed it was the victim in a statement on its website.

“MediSecure has identified a cyber security incident impacting the personal and health information of individuals. We have taken immediate steps to mitigate any potential impact on our systems," the statement said.

“While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors.

“MediSecure takes its legal and ethical obligations seriously and appreciate this information will be of concern. MediSecure is actively assisting the Australian Digital Health Agency and the National Cyber Security Coordinator to manage the impacts of the incident. MediSecure has also notified the Office of the Australian Information Commissioner and other key regulators.

“MediSecure understands the importance of transparency and will provide further updates via our website as soon as more information becomes available. We appreciate your patience and understanding during this time.”

As of writing, that advisory is the only live page on MediSecure's website – all other pages are returning a 404 error.

According to Wayne Phillips, field chief technology officer for the APAC at SentinelOne, this incident highlights a growing problem in the healthcare industry.

“A ransomware attack on any Australian healthcare provider is devastating but should not be surprising,” Phillips told Cyber Daily via email.

“This incident highlights the severe implications for patient care, data privacy, and overall confidence in healthcare systems. Healthcare providers prioritise availability-of-service over security control to ensure positive patient outcomes, but this leaves them more vulnerable to larger attacks and longer outages. Something must change. The massive impact on patients and their privacy makes healthcare a soft target to ransomware attacks. This attack raises critical questions about the robustness of cyber security controls in the healthcare sector.

“As providers increasingly rely on digital systems, the necessity for stringent cyber security protocols and rapid threat detection and response strategies becomes paramount to safeguard against future attacks and to ensure the resilience of vital healthcare services.”

UPDATE 16/05/24: Added comment from Minister for Cyber Security Clare O’Neil.

UPDATE 16/05/24: Added statement from MediSecure.

UPDATE 16/05/24: Added comment from SentinelOne.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cd intro podcast

Introducing Cyber Daily, the new name for Cyber Security Connect

Click here to learn all about it
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.