Info Data Leak

MediSecure, an E-prescription provider, hit by ransomware attack

SecurityAffairs

Threat Actor: Unknown | Unknown
Victim: MediSecure | MediSecure
Price: Not mentioned
Exfiltrated Data Type: Personal and health information

Additional Information :

  • MediSecure is a company that provides digital health solutions, particularly focusing on secure electronic prescription delivery services in Australia.
  • The company was forced to shut down its website and phone lines following a cyber attack, but it did not mention a ransomware attack.
  • Threat actors gained access to the personal and health information of an undisclosed number of individuals.
  • The incident is believed to have originated from one of MediSecure’s third-party vendors.
  • The company is still investigating the security breach with the help of the National Cyber Security Coordinator.
  • MediSecure has notified the Office of the Australian Information Commissioner and other relevant authorities.
  • MediSecure was one of two companies awarded contracts by the federal government to provide PBS e-script services until late last year.
  • In November 2022, Medibank announced a ransomware attack that exposed personal data belonging to around 9.7 million current and former customers.
  • Medibank is one of the largest Australian private health insurance providers with approximately 3.9 million customers.

MediSecure is a company that provides digital health solutions, particularly focusing on secure electronic prescription delivery services in Australia.

The company was forced to shut down its website and phone lines following a cyber attack, but it did not mention a ransomware attack.

Threat actors gained access to the personal and health information of an undisclosed number of individuals.

“MediSecure has identified a cyber security incident impacting the personal and health information of individuals. We have taken immediate steps to mitigate any potential impact on our systems.” reads the statement published by the company. “While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors.”

The company is still investigating the security breach with the help of the National Cyber Security Coordinator, however, it revealed that early indicators suggest the incident originated from one of its third-party vendors.

The electronic prescription provider also notified the Office of the Australian Information Commissioner and other relevant authorities.

The Australian broadcaster ABC reported that MediSecure “is the health organisation at the centre of the large-scale ransomware data breach announced by the national cyber security coordinator on Thursday.”

“MediSecure was one of two companies awarded contracts by the federal government to provide PBS e-script services until late last year, when the tender was granted exclusively to another company, eRx.” reported ABC. “In October last year, the ACCC granted authorisation for MediSecure to transfer all publicly- funded electronic prescriptions and data to eRx.”

In November 2022, Medibank announced that personal data belonging to around 9.7M of current and former customers were exposed due to a ransomware attack that occurred in October 2022.

Medibank is one of the largest Australian private health insurance providers with approximately 3.9 million customers.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

Original Source: https://securityaffairs.com/163257/cyber-crime/medisecure-impacted-by-ransomware-attack.html

Tags: BREACH, GOVERNMENT, IMPACT