Breach Notification , Fraud Management & Cybercrime , Geo Focus: Asia

Australia Investigating Large-Scale Medical Billing Hack

e-Prescription Provider Brings in Government on Ransomware Response
Australia Investigating Large-Scale Medical Billing Hack

Australian e-prescription firm MediSecure said it is dealing with a large-scale cyberattack that could affect the personal and health information of millions of patients. The company says it is working with the Australian government on a "whole-of-government response" to the ransomware attack.

See Also: Mitigating Identity Risks, Lateral Movement and Privilege Escalation

MediSecure 's public statement on Thursday disclosing the situation came hours after Michelle McGuinness, Australia's national cyber security coordinator, earlier in the day announced on X that government agencies and law enforcement were responding to a large-scale ransomware data breach at "a commercial health information organization."

MediSecure took down its website except for a brief official statement saying it took immediate steps to mitigate any potential impact of the cybersecurity incident on its systems. "While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors," the company said.

The company said it is working with the National Office of Cyber Security on the response and has notified the Office of the Australian Information Commissioner. McGuinness said she is working with agencies across the Australian government, states and territories "to coordinate a whole-of-government response to this incident."

Until recently, MediSecure provided Australia's sole government-authorized electronic prescription system for healthcare professionals. It was one of the two accredited prescription exchange services to dispense data to the national eHealth infrastructure and the Personally Controlled Electronic Health Record system, also known as the national PCEHR system, which enables healthcare providers to share health information securely.

Last year, the government mandated that all medical practices, clinicians and pharmacies sign up for the centralized national Prescription Delivery Service if they wanted to continue to prescribe medications and receive government subsidies. It also awarded an exclusive contract to eRx Script Exchange in May 2023 to streamline prescription delivery, which meant MediSecure had to transfer electronic prescription data to eRx.

Cybersecurity Minister Clare O'Neil said she was made aware of the ransomware attack on MediSecure several days ago.

"I have been briefed on this incident in recent days and the government convened a National Coordination Mechanism regarding this matter today. Updates will be provided in due course. Speculation at this stage risks undermining significant work underway to support the company's response," she said.

The Australian Medical Association has demanded an urgent and transparent investigation into the ransomware attack.

"A thorough and transparent investigation is needed, with clear and consistent communication to the public and the profession. This is critical to maintaining community trust in the electronic systems that are now integral to the functioning of our health system," the AMA said.


About the Author

Jayant Chakravarti

Jayant Chakravarti

Senior Editor, APAC

Chakravarti covers cybersecurity developments in the Asia-Pacific region. He has been writing about technology since 2014, including for Ziff Davis.

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.