A recent disclosure by MediSecure, an Australian e-prescription company based in Melbourne, has revealed a ransomware attack compromising personal and health information [7].
Description
The incident [1] [2] [4] [6] [7], suspected to have originated from a third-party vendor [1], is currently under investigation by government agencies [7]. E-prescriptions [1] [2] [3] [5] [6] [7], containing sensitive data such as names, addresses [7], and Medicare numbers [7], are at risk due to the breach [7]. MediSecure [1] [2] [3] [4] [5] [6] [7], a national e-prescribing service that lost a government tender last year [7], has been impacted by the breach, affecting data up to November 2023 [7]. A hacker has claimed to have stolen 6.5 terabytes of patient data, including personal information and prescription data of thousands of Australian patients, which is being offered for sale on a Russian hacking forum for $US50,000. Efforts are underway to notify impacted individuals and healthcare providers [5], with investigations ongoing to determine compliance with data breach notification laws [4].
Conclusion
The incident highlights the diverse cyberthreat landscape that can impact businesses of any size [4]. Efforts are being made to address the breach, with ongoing collaboration between MediSecure, government agencies [1] [2] [6] [7], and regulators [1]. The transition to a new prescription delivery service provider last year promotes e-prescriptions as an alternative to paper-based prescribing [2]. MediSecure is working urgently to verify the extent of the breach and provide updates as more information becomes available.
References
[1] https://www.medisecure.com.au/
[2] https://www.healthcareitnews.com/news/anz/medisecure-hack-no-risk-erx
[3] https://www.cyberdaily.au/security/10616-exclusive-stolen-medisecure-data-posted-for-sale-on-russian-hacking-forum
[4] https://www.smh.com.au/technology/medisecure-patient-data-up-for-sale-on-russian-hacking-forum-20240524-p5jggb.html
[5] https://www.abc.net.au/news/2024-05-24/medisecure-asks-for-government-bailout-after-cyberhack/103891638
[6] https://www.infosecurity-magazine.com/news/health-info-online-medisecure/
[7] https://www.croakey.org/medisecure-data-breach-why-is-health-data-so-lucrative-for-hackers/