Australian health business targeted in data breach

Federal police are investigating a large-scale data breach at an unnamed health organisation.

National Cyber Security Coordinator Lieutenant-General Michelle McGuinness on Thursday said a "commercial health information organisation" was the victim of the ransomware attack.

"I am working with agencies across the Australian government, states and territories to co-ordinate a whole-of-government response to this incident," she said in a statement.

"The Australian Signals Directorate, Australian Cyber Security Centre is aware of the incident and the Australian Federal Police is investigating.

"We are in the very preliminary stages of our response and there is limited detail to share at this stage but I will continue to provide updates as we progress while working closely with the affected commercial organisation to address the impacts caused by the incident."

Home Affairs Minister Clare O'Neil confirmed she had been briefed on the matter but didn't reveal the identity of the company.

"I have been briefed on this incident in recent days and the government convened a National Coordination Mechanism regarding this matter today," she wrote on social media site X.

"Updates will be provided in due course. Speculation at this stage risks undermining significant work underway to support the company's response."

In September 2022, Optus suffered a massive data breach that affected 10 million Australians and resulted in the driver's licences, Medicare and passport numbers of 10,000 customers being stolen and leaked online.

It prompted the government to introduce tough penalties for companies that failed to protect the sensitive information of their customers.