Privacy regulator reviews MediSecure data breach
The news: MediSecure's data breach has been notified to the privacy regulator, which is conducting preliminary inquiries with the company to ensure compliance with the Notifiable Data Breach Scheme.
The context: In a statement today, the Office of the Australian Information Commissioner (OAIC) said it is working with agencies across the government as part of a "whole-of-government" response to the e-script provider's data breach overseen by the National Cyber Security Coordinator.
MediSecure said on 16 May it had identified a cyber security incident impacting the personal and health information of individuals. In an update on 18 May, the company said the incident related to data held by its systems up until November 2023.
The company confirmed the breach has affected personal information and limited health information relating to prescriptions, as well as the personal information of healthcare providers.
Under the notifiable data breach scheme, organisations covered by the Privacy Act must notify affected individuals and the OAIC as soon as practicable if they experience a data breach that is likely to result in serious harm to individuals whose personal information is involved.
What they said: “While this situation is ongoing, any major data breach reinforces the reality of today’s world: there are increasing cyber threats and continual challenges to digital defences,” Australian Privacy Commissioner Carly Kind said.
“The coverage of Australia’s privacy legislation lags behind the advancing skills of malicious cyber actors. Reform of the Privacy Act is urgent, to ensure all Australian organisations build the highest levels of security into their operations and the community’s personal information is protected to the maximum extent possible,” Kind said.
The source: OAIC media release