NewsBite

MediSecure data breach an ‘isolated’ attack as health officials briefed by cyber authorities

A ransomware attack on a digital prescriptions company has sparked concerns for the safety of customers’ sensitive health data.

Australia needs to be ‘light on our feet’ for cyber security

Federal authorities say it is still unclear if and how many Australians have had their personal health data stolen after electronic prescriptions provider MediSecure was targeted in a large-scale cyber breach.

Australia’s cyber security co-ordinator said there was no evidence to suggest there was an increased cyber threat to the medical sector after the healthcare business fell victim to an “isolated” ransomware attack earlier this week.

“We are still working to build a picture of the size and nature of the data that has been impacted by this data breach impacting MediSecure,” Lieutenant General Michelle McGuinness said.

“This discovery work often takes time and I understand Australians are anxious about the possibility of their personal information being affected.”

Malicious cyber actors often penetrate an online network using stolen or easily guessed credentials, such as easy-to-crack passwords. Picture: Google
Malicious cyber actors often penetrate an online network using stolen or easily guessed credentials, such as easy-to-crack passwords. Picture: Google

It’s understood that cyber criminals have accessed data being kept on MediSecure’s digital systems and demanded payment in exchange for stolen information.

The eHealth business, which facilitates e-script dispensing to health professionals, said the incident likely originated from an issue with one of its third-party vendors.

On average, cybercrime costs businesses between $46,000 for small businesses and $72,000 for larger businesses per year.

General McGuinness said authorities were looking closely at whether identity documents had been compromised in the breach.

Cyber Security Minister Clare O’Neil said more information about the cyber incident would be released in due course. Picture: NCA NewsWire/Martin Ollman
Cyber Security Minister Clare O’Neil said more information about the cyber incident would be released in due course. Picture: NCA NewsWire/Martin Ollman

Cyber officials held briefings with key industry health organisations early on Friday amid increased concerns for the security of health professionals and patients’ private data

After calling for “clear and consistent” communication about the breach, Australian Medical Association president Steve Robson welcomed the formation of a national stakeholder group to support the government’s response to the incident.

“The most important message today is that patients should not hesitate to get their medications dispensed as the current prescription delivery service is not affected by the breach,” Professor Robson said.

Original URL: https://www.theaustralian.com.au/breaking-news/medisecure-data-breach-an-isolated-attack-as-health-officials-briefed-by-cyber-authorities/news-story/3e26fc92fd8350f56a9b77ec889ab478