MediSecure e-script firm hit by ‘large-scale’ ransomware data breach
Electronic prescription provider MediSecure in Australia has shut down its website and phone lines following a ransomware attack believed to originate from a third-party vendor.
The incident has impacted personal and health information of individuals but the extent remains unclear at this time.
Operating since 2009, MediSecure provides digital tools to healthcare professionals to manage and dispense medications to patients.
The company has issued millions of eScripts via its private and the state-backed eRx systems. Until November 2009, it was one of the two paperless script networks in Australia.
Today, the company announced that it has been indirectly impacted by a cybersecurity incident on one of its service providers, that has resulted in a data breach.
"MediSecure has identified a cyber security incident impacting the personal and health information of individuals. We have taken immediate steps to mitigate any potential impact on our systems," reads the public statement.
An investigation has started and "early indicators suggest the incident originated from one of our third-party vendors," the company says.
The organization has informed key regulators in Australia, including the Office of the Australian Information Commissioner, and is working with the National Cyber Security Coordinator (NCSC) to mitigate the impact of the cyberattack.
In a short announcement, the Australian NCSC said that "a commercial health information organisation" reported being "the victim of a large-scale ransomware data breach incident."
"Yesterday afternoon I was advised by a commercial health information organisation that it was the victim of a large-scale ransomware data breach incident. I am working with agencies across the Australian Government, states and territories to coordinate a whole-of-government response to this incident."
by NCSC
Although MediSecure did not mention a ransomware attack, The Australian Financial Review and ABC [1, 2] report that the company behind the NCSC's announcement was MediSecure.
The NCSC noted that the investigations is in too early a stage to be able to share any useful details about the impact this cybersecurity incident has on the Australian population.
The worst healthcare-related data breach incident in Australia's recent history is that of Medibank that was breached by the REvil ransomware gang in October 2022.
That breach compromised the information of nearly 9.7 million Medibank and included personally identifiable details, contact, and healthcare data.
Comments