The Information Highway

The Information Highway

Font size: +
2 minutes reading time (379 words)

MediSecure e-script firm hit by ‘large-scale’ ransomware data breach

Electronic prescription provider MediSecure in Australia has shut down its website and phone lines following a ransomware attack believed to originate from a third-party vendor.

The incident has impacted personal and health information of individuals but the extent remains unclear at this time.

Operating since 2009, MediSecure provides digital tools to healthcare professionals to manage and dispense medications to patients.

The company has issued millions of eScripts via its private and the state-backed eRx systems. Until November 2009, it was one of the two paperless script networks in Australia.

Today, the company announced that it has been indirectly impacted by a cybersecurity incident on one of its service providers, that has resulted in a data breach.

"MediSecure has identified a cyber security incident impacting the personal and health information of individuals. We have taken immediate steps to mitigate any potential impact on our systems," reads the public statement.

An investigation has started and "early indicators suggest the incident originated from one of our third-party vendors," the company says. 

The organization has informed key regulators in Australia, including the Office of the Australian Information Commissioner, and is working with the National Cyber Security Coordinator (NCSC) to mitigate the impact of the cyberattack.

In a short announcement, the Australian NCSC said that "a commercial health information organisation" reported being "the victim of a large-scale ransomware data breach incident."

"Yesterday afternoon I was advised by a commercial health information organisation that it was the victim of a large-scale ransomware data breach incident. I am working with agencies across the Australian Government, states and territories to coordinate a whole-of-government response to this incident." 

by NCSC

Although MediSecure did not mention a ransomware attack, The Australian Financial Review and ABC [1, 2] report that the company behind the NCSC's announcement was MediSecure.

The NCSC noted that the investigations is in too early a stage to be able to share any useful details about the impact this cybersecurity incident has on the Australian population.

The worst healthcare-related data breach incident in Australia's recent history is that of Medibank that was breached by the REvil ransomware gang in October 2022.

That breach compromised the information of nearly 9.7 million Medibank and included personally identifiable details, contact, and healthcare data.

Norway recommends replacing SSL VPN to prevent bre...
Microsoft: Windows Server 2019 updates fail with 0...

Related Posts

 

Comments

No comments made yet. Be the first to submit a comment
Monday, 23 December 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023