Online prescription provider MediSecure suffers large-scale ransomware attack

A small e-prescription company says a major data breach was likely caused by one if its third-party vendors.

less than 2 min read

May 16, 2024 - 6:33PM

NCA NewsWire

Data breach against medium-sized health provider revealed

Hacking

Don't miss out on the headlines from Hacking. Followed categories will be added to My News.

Digital prescription company MediSecure has shut down its website and phone lines after falling victim to a large-scale ransomware attack.

In a statement posted to its website, the Melbourne-based health provider confirmed that it had identified a cybersecurity incident “impacting the personal and health information” of its customers and said it was working closely with cyber authorities.

“We have taken immediate steps to mitigate any potential impact on our systems,” the statement read.

“MediSecure takes its legal and ethical obligations seriously and appreciate this information will be of concern.”

Australia’s National Cyber Security Coordinator Michelle McGuinness says there is a whole-of-government response underway into the breach. Supplied: US Defense Intelligence Agency

MediSecure, which has been operating since 2009, specialises in providing electronic prescriptions to health professionals.

The eHealth business said the cyber incident had likely originated from an issue with one of its third-party vendors.

National Cyber Security Coordinator Michelle McGuinness chose not identify the company in a statement released earlier on Thursday after confirming that she had been notified of a cyber breach yesterday afternoon.

“I am working with agencies across the Australian Government, states and territories to co-ordinate a whole-of-government response to this incident,” McGuinness said.

“The Australian Signals Directorate Australian Cyber Security Centre is aware of the incident and the Australian Federal Police is investigating.”

Federal authorities are investigating the latest cyber attack on an Australian company. Picture: NCA NewsWire / Morgan Sette

Home Affairs Minister Clare O’Neil has convened peak intelligence and security officers in response to the crisis incident.

“I have been briefed on this incident in recent days and the government convened a National Coordination Mechanism regarding this matter today,” she wrote on X.

Home Affairs Minister Clare O’Neil said her department was assisting. Picture: NCA NewsWire / Martin Ollman

In 2022, health insurance giant Medibank fell victim to a major cyber hack that affected the personal details of 9.7 million people.

The attack was believed to be linked to a well-known ransomware group based in Russia.

The federal government released its seven-year cyber security strategy in November, which allocated $565m to help businesses report malicious intrusions and ransomware attacks.

The Australian Signals Directorate revealed in its annual cyber threat update that nearly 94,000 reports of cybercrime were made to police in 2022-23, an increase of 23 per cent from the previous year.

The cyber agency revealed China as a major backer of hacks targeting Australian critical infrastructure and companies.