
Massive Cyber Attack Hits MediSecure, Impacting Millions of Australians

 



In a shocking revelation, MediSecure, an e-prescription provider, has confirmed that approximately 12.9 million Australians have been affected by a cyberattack that occurred in April. In terms of the number of individuals impacted, this incident has surpassed previous notable breaches, including the Optus and Medibank data breaches in 2022.

The administrators of MediSecure, FTI Consulting, disclosed that the compromised data includes individuals' healthcare identifiers. However, due to the complexity and sheer volume of the data involved, identifying the specific individuals whose data was stolen is financially unfeasible for the company. This inability to pinpoint affected individuals prevents MediSecure from notifying them about the breach.

Data Complexity and Financial Constraints

The compromised server contained 6.5 terabytes of data, equivalent to billions of pages of text. This data was stored in a mix of semi-structured and unstructured formats, making it extremely difficult to analyse without incurring substantial costs. The encrypted nature of the server further complicates efforts to determine the exact information accessed by the malicious actors. MediSecure's financial limitations have left the company unable to afford the extensive resources needed to sift through the massive amount of data.

Notification Delays and Administrative Actions

Despite the hack occurring in April, MediSecure did not make the incident public until May. The delayed notification has raised concerns about the company's crisis management and communication strategies. Subsequently, the company entered administration in June, and its subsidiary, Operations MDS, went into liquidation. This subsidiary was identified as the main trading entity of the corporate group, highlighting the severe impact of the cyberattack on the company's operational capabilities.

Impact on Healthcare Services

MediSecure had provided a crucial service that allowed healthcare professionals, such as general practitioners, to send electronic prescriptions to patients. However, this service has not been used for new electronic prescriptions since November 15, following a decision by the federal Health Department to designate eRx as the sole e-script provider. This shift has left many healthcare providers scrambling to adapt to the new system, further complicating the ecosystem for electronic healthcare services in Australia.

The MediSecure cyberattack highlights the growing threat of data breaches and the challenges companies face in managing and mitigating such incidents. With 12.9 million Australians potentially affected and the company unable to notify them, the breach underscores the need for robust cybersecurity measures and the financial resilience to respond effectively to such crises. This incident serves as a stark reminder of the vulnerabilities that exist in the digital age and the critical importance of safeguarding sensitive information.


Patient Privacy at Risk: Experts React to Health Company Data Leak

 


A report released by MediSecure states that the company is the victim of a 'large-scale ransomware' data breach affecting the personal and health information of millions of individuals. Several of its third-party vendors are suspected of contributing to the breach, which has been reported to have originated from the vendor, and the company has stated that it is working with Michelle McGuinness, the National Cyber Security Coordinator, to manage the consequences of the breach.

It was McGuinness's response to the recent data breach at MediSecure that led to an inability to access the company's data, so it is still unclear how much and what kind of data was impacted by the breach. Federal police are investigating the large-scale ransomware data breach targeting the Australian healthcare company. The MediSecure website and phone hotline were both unavailable on Thursday. A statement from the company revealed that a cyberattack had caused the company to be offline.

The Melbourne-based company was established in 2009 to provide electronic prescription services to healthcare providers. As a result of the breach, the company has informed regulators including the Office of the Australian Information Commissioner that it is assisting the Australian Digital Health Agency and the National Security Coordinator to manage the impact. MediSecure has been contacted for further information. Australia's National Cyber Security Coordinator, Lieutenant General Michelle McGuinness, told reporters on Thursday that the breach involved an anonymous "commercial health information organization."

Earlier in the week, the minister shared her experience on social networking site X, which is similar to Twitter. On Thursday, the government convened a National Coordination Mechanism to discuss the incident after she had been briefed about it earlier in the week. No data has appeared online at the moment, and no ransomware group has claimed responsibility for the hack, O'Neil said. McGuinness is assisting with the company's management of the incident.

Sadiq Iqbal, a cybersecurity adviser at Check Point Software Technologies, was particularly concerned about the ransomware attack because it affected a significant healthcare provider that provided critical services. McGuinness noted that the original compromise was isolated and that there is no evidence that the healthcare sector has been exposed to an increased risk of cyber-attack. Experts believe the breach is a timely reminder for all organizations in the industry to review their cybersecurity practices.

According to Professor Nigel Phair from Monash University in Victoria, organizations must ensure they only collect, store and utilise the minimum amount of information they need to operate. There has been a major breach of the network at St Vincent's Health, the nation's largest not-for-profit health and aged care provider. Hackers could steal data from its network six months after St Vincent's Health suffered a cyberattack.

Additionally, it comes nearly two years after Australian health insurer Medibank suffered a data breach that compromised the personal information of nearly 10 million customers, including their names, birth dates, addresses, and telephone numbers, after nearly 10 million Australians complained of privacy breaches. An alleged perpetrator of that breach, which has been reported to be one of the biggest ever to happen, was detained in Russia. It was announced late last year that Australia would no longer ban companies from making ransomware payments. Instead, the Australian government will introduce mandatory reporting requirements as a compromise.