Electronic script provider named as victim of ‘large-scale’ data breach

Posted by
Check your BMI

Electronic prescription provider MediSecure has fallen victim to a "large scale" data breach, potentially putting Australians' private medical information at risk and sparking a national approach from the federal government.

The company released a statement on its website – which is now otherwise inactive – this afternoon confirming the breach involved "personal and health information".

"We have taken immediate steps to mitigate any potential impact on our systems," it said.

"While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors."

The company provided a system to allow healthcare professionals like GPs to send prescriptions to patients electronically.

Its logo contains the tagline "eScripts. Sent. Secure. Safe".

It has not been used since November 15 for new electronic prescriptions after the federal Health Department made eRx the sole escript provider, but has remained online for patients to access existing documents.

MediSecure said it had contacted government agencies and was helping them "manage the impacts of the incident".

"MediSecure understands the importance of transparency and will provide further updates via our website as soon as more information becomes available," it said.

"We appreciate your patience and understanding during this time."

The National Cyber Security Coordinator said earlier today it was informed by MediSecure of the incident yesterday.

"Yesterday afternoon I was advised by a commercial health information organisation that it was the victim of a large-scale ransomware data breach incident," Cyber Security Coordinator Lieutenant-General Michelle McGuinness said in a statement.

"I am working with agencies across the Australian government, states and territories to coordinate a whole-of-government response to this incident.

"The Cyber Security Centre is aware of the incident and the Australian Federal Police (are) investigating."

Federal Cyber Security Minister Clare O'Neil said the government is responding to the data breach.

"I have been briefed on this incident in recent days and the government convened a National Coordination Mechanism regarding this matter today," she said this afternoon.

"Michelle McGuinness is leading work across the Australian government to support the company in managing this large-scale ransomware incident.

"Updates will be provided in due course. Speculation at this stage risks undermining significant work underway to support the company's response."

McGuinness said the investigation was still in its early stages and more updates would be provided soon.

"We are in the very preliminary stages of our response and there is limited detail to share at this stage," she said.

"But I will continue to provide updates as we progress while working closely with the affected commercial organisation to address the impacts caused by the incident."

Full statement from MediSecure

Cyber security incident/data breach

MediSecure has identified a cyber security incident impacting the personal and health information of individuals. We have taken immediate steps to mitigate any potential impact on our systems.

While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors.

MediSecure takes its legal and ethical obligations seriously and appreciates this information will be of concern. MediSecure is actively assisting the Australian Digital Health Agency and the National Cyber Security Coordinator to manage the impacts of the incident. MediSecure has also notified the Office of the Australian Information Commissioner and other key regulators.

MediSecure understands the importance of transparency and will provide further updates via our website as soon as more information becomes available. We appreciate your patience and understanding during this time.