E-scripts platform MediSecure hit by ‘large-scale’ ransomware

MediSecure, a provider of a digital prescription platform, is the latest in Australia to fall victim to a major ransomware attack by unidentified actors. 

On Thursday, 16 May, the company reported a cyber attack “impacting the personal and health information of individuals” in its system. The company’s website and phone lines have since gone offline. 

“While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors,” it shared. 

National Cyber Security Coordinator (NCSC) Michelle McGuinness has been engaged to assist in responding to the incident.

The following day, 17 May, McGuinness said in an update that “no current e-prescriptions have been impacted or accessed.”

“The Department of Health has [also] confirmed there has been no impact to the e-prescription services currently in use.”

WHY IT MATTERS

McGuinness initially did not name MediSecure in a statement early Thursday informing about a “large-scale ransomware data breach incident” affecting a “commercial health information organisation.”

As of late, the extent of the data breach’s impact is yet to be known. MediSecure used to provide the e-prescription service for the Australian government until it switched to a new provider, eRx by Fred IT, in 2023. 

For now, “the original compromise has been isolated,” McGuinness said, citing advice from MediSecure, and that “there is no evidence to suggest an increased cyber threat to the medical sector.” 

“We are looking closely at any evidence about whether identity documents have been compromised in the breach, and are working with MediSecure, Services Australia, and state and territory credential issuing bodies to build a full picture of the impacted dataset.”

She is also not suggesting anyone who are possibly affected to replace their Medicare card as of the moment. 

The NCSC is taking a whole-of-government approach to respond to the cyber incident, convening the National Coordination Mechanism with the National Emergency Management Agency. 

Key industry bodies have also been contacted to be briefed on the incident and the national response. They include the Australian Medical Association, the Pharmacy Guild of Australia, and major private hospital providers. 

THE LARGER TREND

Australian organisations have been identified in major hacks in recent years, including private health insurer Medibank and telecommunications company Optus. Over in healthcare, St Vincent’s Health fell to a cyber breach in December with hackers deleting some data from its system. It has yet to know which data were accessed. Meanwhile, Monash Health was named one of those whose data were affected in the ransomware attack that hit ZircoDATA in February. The exposed data relate to its archived data of family violence and sexual assault victims from 1970 to 1993.