The health company at the centre of a cyber attack has asked the federal government for a bailout, as the personal information of some Australians has been posted for sale online.
Earlier this month MediSecure, which facilitates electronic prescriptions and their dispensing, confirmed it was the victim of a large-scale ransomware data breach.
Personal information and information relating to prescriptions was stolen as well as the personal information of healthcare providers.
MediSecure has not said how many Australians have been affected but confirmed the data taken was from its systems up until November last year.
Australia's Cyber Security coordinator today announced someone is attempting to sell the personal information on the dark web. The dark web is only accessible via specialised web browsers and is often used to sell illegal items, including stolen data.
In a statement, Lieutenant General Michelle McGuinness said it was an "unwelcome development."
"We are aware a dataset purporting to be from the MediSecure breach has been advertised for sale on a dark web marketplace, along with a sample of the data," she said.
"Australians should not go looking for this data. Accessing stolen sensitive or personal information on the dark web only feeds the business model of cybercriminals."
The Australian Federal Police continue to investigate the cyber attack and the Australian Signals Directorate are also assisting.
Lieutenant General McGuinness would not disclose how many people authorities believe have been impacted by the latest development.
"I am urgently working with relevant government agencies and relevant health industry bodies on ensuring that medical practitioners are advised of actions they need to take," she said.
"We believe at this stage that this is a relatively small group that has been affected."
The attempt to sell personal information online by an unknown criminal comes just days after MediSecure requested further help from the government.
Australian government cyber experts are already providing technical assistance, and federal police are investigating, however the health company has also asked for financial support.
The ABC has been told MediSecure requested a bailout from the federal government, with that money to be used to help cover the company's operating costs since the attack.
There is no suggestion it wanted money to pay a ransom, and the ABC has not been advised that any ransom has been requested.
The ABC has been told the request for financial support has been declined.
This is the first time a request for financial support has been made by a private company, following a cyber attack.
MediSecure allowed doctors to write scripts to a pharmacy of a patient's choice. Until late last year it was one of two companies offering such a service nationally.
Last year MediSecure missed out on a significant federal government contract to operate a national electronic prescription delivery service.
More than 122 million ePrescriptions were issued between May 2020 and March 2023, according to the Australian Digital Health Agency.
Lieutenant General McGuinness has not commented on the company's request for financial help but assured patients the cyber attack does not change the way people can seek medical help.
"Paper and electronic prescriptions continue to operate as normal. People can continue to access medicines, doctors can still prescribe and pharmacists can still dispense as usual," she said.
The ABC has contacted MediSecure.
The Royal Australian College of General Practitioners has also been contacted for comment.