MediSecure hit by cyber security breach – Security


Electronic prescription provider MediSecure has revealed that “personal and health information of individuals” may have been caught up in a cyber security breach.



The Australian company has replaced its website with a statement that attributed the incident to a “third-party provider” to MediSecure.

“We have taken immediate steps to mitigate any potential impact on our systems,” it said.

“While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors.”

MediSecure is said to offer a secure messaging system, “specialising in transferring prescriptions between prescribers and dispenser”.

“MediSecure understands the importance of transparency and will provide further updates via our website as soon as more information becomes available,” the company added.

“We appreciate your patience and understanding during this time”.

MediSecure said it is working with the Australian Digital Health Agency and the National Cyber Security Coordinator, and has also notified the Office of the Australian Information Commissioner and “other key regulators”.

Earlier today, national cyber security coordinator Lieutenant General Michelle McGuinness revealed that an unspecified “health information organisation” was the “victim of a large-scale ransomware data breach incident” on May 15.

In a LinkedIn post and an official statement, she said: “I am working with agencies across the Australian government, states and territories to coordinate a whole-of-government response to this incident.”

According to McGuinness, the Australian Cyber Security Centre is aware of the incident and the Australian Federal Police is investigating.

ITnews has contacted both organisations for further comment.

“We are in the very preliminary stages of our response and there is limited detail to share at this stage, but I will continue to provide updates as we progress while working closely with the affected commercial organisation to address the impacts caused by the incident,” McGuinness added.

Last year, the Department of Health and Aged Care began working with rival electronic script provider eRX to deliver its publicly funded national prescription delivery service instead of MediSecure. 

This meant any general practices would no longer be able to create new eScripts, cancel or delete scripts previously generated in MediSecure.



Source link