Despite its name, MediSecure has suffered a large-scale data breach affecting personal and health information.
Federal police are probing a significant ransomware data breach at the Melbourne-based healthcare firm that specialises in electronic prescription services. The company reported its website and hotline were non-functional following the cyberattack, although no data has yet appeared online and no ransomware group has claimed responsibility for the hack.
“Immediate steps were taken to mitigate any potential impact on our systems," the company said, noting the breach likely stemmed from a third-party vendor.
MediSecure is assisting the Australian Digital Health Agency and the National Security Coordinator to manage the breach's consequences and has informed relevant regulators, including the Office of the Australian Information Commissioner.
A coordinated response
Australia’s National Cyber Security coordinator Lieutenant General Michelle McGuinness said a whole-of-government response was being mobilised to deal with the incident.
“I am working with agencies across the Australian government, states and territories to coordinate a whole-of-government response to this incident,” she said.
“We are in the very preliminary stages of our response and there is limited detail to share at this stage, but I will continue to provide updates as we progress, while working closely with the affected commercial organisation to address the impacts caused by the incident.
“The Australian Signals Directorate’s Australian Cyber Security Centre is aware of the incident and the Australian Federal Police is investigating.”
"We are in the very preliminary stages of our response," McGuinness stated, underscoring the ongoing effort to address the breach's impact alongside the Australian Cyber Security Centre and other agencies.
Healthcare: a vulnerable sector
Cybersecurity experts have highlighted the attack's seriousness, given MediSecure's role in providing critical healthcare services.
Sadiq Iqbal of Check Point Software Technologies (NASDAQ:CHKP) highlighted the vulnerability of the healthcare sector to such sophisticated attacks, citing a lack of adequate budgets and reliance on outdated technology as key weaknesses.
“The healthcare industry continues to be a top target to organised cybercriminals due to the sensitive services it supplies,” he said.
Iqbal added, “Due to the lack of budgets and reliance on antiquated out-of-support Windows devices that power many of the critical medical technology, healthcare providers will frequently be an easy target for sophisticated threat actors.”
This breach follows several high-profile cybersecurity incidents in Australia's healthcare sector, including attacks on St Vincent’s Health and on Medibank — one of the worst cyber breaches ever reported — spotlighting the ongoing challenge of protecting sensitive health information against cyber threats.