Police investigate large-scale healthcare data breach at MediSecure

Federal police are investigating after Australian healthcare business MediSecure was targeted in a large-scale ransomware data breach.

MediSecure’s website and phone hotline were offline on Thursday, and the company confirmed in a statement it had fallen victim to a cyberattack. The Melbourne-based firm was founded in 2009 and provides electronic prescription services to healthcare professionals.

Federal police and government agencies are probing this latest large-scale data hack. Credit: Alex Ellinghausen

“MediSecure has identified a cybersecurity incident impacting the personal and health information of individuals. We have taken immediate steps to mitigate any potential impact on our systems,” the company said in a statement.

“While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors.”

The company said it was assisting the Australian Digital Health Agency and the National Security Coordinator to manage impacts resulting from the breach, and had notified regulators including the Office of the Australian Information Commissioner.

“MediSecure understands the importance of transparency and will provide further updates as soon as more information becomes available. We appreciate your patience and understanding during this time.”

MediSecure was contacted for further comment.

Earlier on Thursday, Australia’s National Cyber Security Coordinator, Lieutenant General Michelle McGuinness, said an unnamed “commercial health information organisation” was the victim of the breach.

“I am working with agencies across the Australian government, states and territories to co-ordinate a whole-of-government response to this incident,” she said.

“The Australian Signals Directorate’s Australian Cyber Security Centre is aware of the incident and the Australian Federal Police is investigating.

Lieutenant General Michelle McGuinness. Credit: Alex Ellinghausen

“We are in the very preliminary stages of our response and there is limited detail to share at this stage, but I will continue to provide updates as we progress, while working closely with the affected commercial organisation to address the impacts caused by the incident.”

Cybersecurity Minister Clare O’Neil urged people not to speculate on the company involved in the breach.

The minister wrote on social media site X, formerly known as Twitter, that she had been briefed on the incident earlier in the week and the government had convened a National Coordination Mechanism on Thursday.

“Updates will be provided in due course. Speculation at this stage risks undermining significant work under way to support the company’s response,” she wrote.

O’Neil said McGuinness was leading the work to support the company to manage the incident.

No data has yet appeared online and no ransomware group has claimed responsibility for the hack.

Sadiq Iqbal, cybersecurity adviser at Check Point Software Technologies, said the ransomware attack was particularly concerning given it was a major healthcare provider supplying critical services.

“The healthcare industry continues to be a top target to organised cybercriminals due to the sensitive services it supplies,” Iqbal told this masthead.

Cybersecurity Minister Clare O’Neil. Credit: Alex Ellinghausen

“It is, however, encouraging to see that the ASD is on top of the situation and assisting with the response and providing transparency throughout the process.”

Iqbal said that while it was probably too early to diagnose the cause of the breach, Australia’s healthcare industry could learn a lot from the United States and its regulatory compliance requirements for the sector. “Due to the lack of budgets and reliance on antiquated out-of-support Windows devices that power many of the critical medical technology, healthcare providers will frequently be an easy target for sophisticated threat actors.”

The breach comes six months after the nation’s largest not-for-profit health and aged care provider, St Vincent’s Health, sustained a cyberattack with hackers stealing data from its network.

It also comes nearly two years after Australia’s largest health insurer Medibank suffered a data breach in which nearly 10 million customers had personal information, including names, dates of birth, addresses and phone numbers, compromised.

It was one of the worst cyber breaches ever reported, and the alleged perpetrator was detained in Russia.

Australia late last year dropped plans to ban companies from making ransomware payments, instead opting to introduce mandatory reporting obligations.

“Every time a ransom is paid, we are feeding the cybercrime problem,” O’Neil said in November.

“Now, we are in a situation in our country where it is clearly not the right time at this moment to ban ransoms, and that’s because we haven’t done the hard work.”

Copyright for syndicated content belongs to the linked Source : The Age – https://www.theage.com.au/technology/police-investigate-large-scale-healthcare-data-breach-20240516-p5je66.html?ref=rss&utm_medium=rss&utm_source=rss_technology
