Hack affecting millions 'won't be the last', PM warns

Kat WongAAP
Camera IconMr Albanese described the cyber attack on prescriptions provider MediSecure as 'very significant'. (Dave Hunt/AAP PHOTOS) Credit: AAP

A cyber attack that led to the theft of personal data relating to almost half of all Australians will not be the last incident of its kind, the prime minister has warned.

Electronic prescriptions provider MediSecure revealed on Thursday 12.9 million customers had their data stolen, with an unknown amount uploaded to the dark web.

Prime Minister Anthony Albanese said the government was working with the Australian Federal Police and the private sector to address national security and privacy concerns.

"This is a very significant cyber event," Mr Albanese told reporters in Cairns on Friday.

"It's not the first and it won't be the last.

Read more...

"We know some state actors have been involved in cyber attacks, but we know also that criminal elements - both here and overseas - have been involved as well."

Australians have been urged not to respond to unsolicited messages about the data breach as they could be scam attempts.

Bad actors have launched cyber attacks on a variety of Australian sectors.

Thousands of Western Sydney University staff fell victim to a data breach in May, less than a year after highly sensitive Victorian government information was stolen and leaked to the web.

Millions more Australians have had their data compromised in attacks on Optus, Ticketmaster and Medibank.

Mr Albanese has encouraged Australians to become more cyber aware as threats proliferate.

MediSecure first became aware of the breach on April 13 when suspected ransomware was discovered on a server containing the sensitive personal and health data, then publicly confirmed the attack in May.

Australians who used the prescription delivery service from March 2019 to November 2023 were impacted, the company revealed.

About 6.5 terabytes of data, which included names, dates of birth, addresses, phone numbers, Medicare numbers, prescription information and reasons for medication.

A data sample has been exposed on the dark web but MediSecure said it was unable to identify specific individuals impacted due to the complexity of the data and the cost of doing so.

The company appointed liquidators and went into administration in June.

Get the latest news from thewest.com.au in your inbox.

Sign up for our emails