Pierluigi Paganini
May 16, 2024
MediSecure is a company that provides digital health solutions, particularly focusing on secure electronic prescription delivery services in Australia.
The company was forced to shut down its website and phone lines following a cyber attack, but it did not mention a ransomware attack.
Threat actors gained access to the personal and health information of an undisclosed number of individuals.
“MediSecure has identified a cyber security incident impacting the personal and health information of individuals. We have taken immediate steps to mitigate any potential impact on our systems.” reads the statement published by the company. “While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors.”
The company is still investigating the security breach with the help of the National Cyber Security Coordinator, however, it revealed that early indicators suggest the incident originated from one of its third-party vendors.
Yesterday afternoon I was advised by a commercial health information organisation that it was the victim of a large-scale ransomware data breach incident.
— National Cyber Security Coordinator (@AUCyberSecCoord) May 16, 2024
I am working with agencies across the Australian Government, states and territories to coordinate a whole-of-government… pic.twitter.com/mool7LNLRZ
The electronic prescription provider also notified the Office of the Australian Information Commissioner and other relevant authorities.
The Australian broadcaster ABC reported that MediSecure “is the health organisation at the centre of the large-scale ransomware data breach announced by the national cyber security coordinator on Thursday.”
“MediSecure was one of two companies awarded contracts by the federal government to provide PBS e-script services until late last year, when the tender was granted exclusively to another company, eRx.” reported ABC. “In October last year, the ACCC granted authorisation for MediSecure to transfer all publicly- funded electronic prescriptions and data to eRx.”
In November 2022, Medibank announced that personal data belonging to around 9.7M of current and former customers were exposed due to a ransomware attack that occurred in October 2022.
Medibank is one of the largest Australian private health insurance providers with approximately 3.9 million customers.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, ransomware)
