To protect Australians from inevitable future cyber attacks, the nation's standards and technology architecture must evolve to meet new threats, an expert has urged.
Electronic prescriptions provider MediSecure revealed on Thursday 12.9 million customers had their data stolen, with an unknown amount uploaded to the dark web.
Prime Minister Anthony Albanese said the government was working with the Australian Federal Police and the private sector to address national security and privacy concerns.
His assurance came ahead of a massive but unrelated IT outage affecting institutions across the nation on Friday, the cause of which initial suggestions indicate is not malicious.
"This is a very significant cyber event," Mr Albanese told reporters in Cairns on Friday in reference to the Medisecure attack.
"It's not the first and it won't be the last."
Australians have been urged not to respond to unsolicited messages about the data breach as they could be scams.
Though users should educate themselves, responsibility cannot fall solely on their shoulders.
Swinburne University of Technology expert Dimitrio Salampasis says the government must harmonise minimum requirements for companies' cybersecurity infrastructure, especially if they deal with sensitive data.
"The genie is out of the bottle," he told AAP.
"This is going to happen more and more often because technology is advancing.
"There is a need to have better architecture and more resilient infrastructure to constantly verify and secure transactions and data exchanges."
A variety of sectors have already fallen victim to hacks and data breaches.
Thousands of Western Sydney University staff and students fell victim to a data breach in May, less than a year after highly sensitive Victorian government information was stolen and leaked.
Millions more have had their data compromised in attacks on Optus, Ticketmaster and Medibank.
Once data is stolen, it is hard to predict where it will end up, Dr Salampasis said.
It could be sold to cybercriminals, used for medical fraud or used for financial exploitation.
Health data, in particular, can pose a risk to national security as it could help identify and target high-profile individuals.
"It's a systemic risk," Dr Salampasis said.
MediSecure first became aware of the breach on April 13 when suspected ransomware was discovered on a server holding sensitive personal and health data, then publicly confirmed the attack in May.
Australians who used the prescription delivery service from March 2019 to November 2023 were impacted, the company revealed.
About 6.5 terabytes of data, which included names, dates of birth, addresses, phone numbers, Medicare numbers and reasons for medication, was stolen.
A sample has been exposed on the dark web but MediSecure said it was unable to identify individuals impacted due to the complexity of the data and the cost of doing so.
The company appointed liquidators and went into administration in June.
