Article Details
Scrape Timestamp (UTC): 2024-05-16 17:09:45.436
Original Article Text
Click to Toggle View
MediSecure e-script firm hit by ‘large-scale’ ransomware data breach. Electronic prescription provider MediSecure in Australia has shut down its website and phone lines following a ransomware attack believed to originate from a third-party vendor. The incident has impacted personal and health information of individuals but the extent remains unclear at this time. Operating since 2009, MediSecure provides digital tools to healthcare professionals to manage and dispense medications to patients. The company has issued millions of eScripts via its private and the state-backed eRx systems. Until November 2009, it was one of the two two paperless script networks in Australia. Today, the company announced that it has been indirectly impacted by a cybersecurity incident on one of its service providers, that has resulted in a data breach. “MediSecure has identified a cyber security incident impacting the personal and health information of individuals. We have taken immediate steps to mitigate any potential impact on our systems,” reads the public statement. An investigation has started and "early indicators suggest the incident originated from one of our third-party vendors,” the company says. The organization has informed key regulators in Australia, including the Office of the Australian Information Commissioner, and is working with the National Cyber Security Coordinator (NCSC) to mitigate the impact of the cyberattack. In a short announcement, the Australian NCSC said that "a commercial health information organisation" reported being "the victim of a large-scale ransomware data breach incident." Although MediSecure did not mention a ransomware attack, The Australian Financial Review and ABC [1, 2] report that the company behind the NCSC's announcement was MediSecure. The NCSC noted that the investigations is in too early a stage to be able to share any useful details about the impact this cybersecurity incident has on the Australian population. The worst healthcare-related data breach incident in Australia’s recent history is that of Medibank that was breached by the REvil ransomware gang in October 2022. That breach compromised the information of nearly 9.7 million Medibank and included personally identifiable details, contact, and healthcare data.
Daily Brief Summary
MediSecure, an electronic prescription provider in Australia, faced a ransomware attack impacting personal and health information, with scale and specifics still under assessment.
The attack, initiated through a third-party vendor, led to the shutdown of MediSecure's website and communication systems to mitigate further risk.
Operating since 2009, MediSecure has been instrumental in delivering digital healthcare solutions, specifically managing and dispensing medications electronically.
The company has initiated a thorough investigation into the breach and is collaborating with Australia's National Cyber Security Coordinator and the Office of the Australian Information Commissioner.
Public statements acknowledged the incident and emphasized immediate steps taken to secure systems and data, although details regarding the ransom demand, if any, were not disclosed.
This incident marks one of the significant healthcare-related cyber-attacks in Australia, following the major Medibank breach in October 2022, highlighting ongoing vulnerabilities in the healthcare sector related to cyberattacks.