Breach Notification , Fraud Management & Cybercrime , Geo Focus: Asia
Australia Investigating Large-Scale Medical Billing Hack
e-Prescription Provider Brings in Government on Ransomware ResponseAustralian e-prescription firm MediSecure said it is dealing with a large-scale cyberattack that could affect the personal and health information of millions of patients. The company says it is working with the Australian government on a "whole-of-government response" to the ransomware attack.
See Also: Mitigating Identity Risks, Lateral Movement and Privilege Escalation
MediSecure 's public statement on Thursday disclosing the situation came hours after Michelle McGuinness, Australia's national cyber security coordinator, earlier in the day announced on X that government agencies and law enforcement were responding to a large-scale ransomware data breach at "a commercial health information organization."
MediSecure took down its website except for a brief official statement saying it took immediate steps to mitigate any potential impact of the cybersecurity incident on its systems. "While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors," the company said.
The company said it is working with the National Office of Cyber Security on the response and has notified the Office of the Australian Information Commissioner. McGuinness said she is working with agencies across the Australian government, states and territories "to coordinate a whole-of-government response to this incident."
Until recently, MediSecure provided Australia's sole government-authorized electronic prescription system for healthcare professionals. It was one of the two accredited prescription exchange services to dispense data to the national eHealth infrastructure and the Personally Controlled Electronic Health Record system, also known as the national PCEHR system, which enables healthcare providers to share health information securely.
Last year, the government mandated that all medical practices, clinicians and pharmacies sign up for the centralized national Prescription Delivery Service if they wanted to continue to prescribe medications and receive government subsidies. It also awarded an exclusive contract to eRx Script Exchange in May 2023 to streamline prescription delivery, which meant MediSecure had to transfer electronic prescription data to eRx.
Cybersecurity Minister Clare O'Neil said she was made aware of the ransomware attack on MediSecure several days ago.
"I have been briefed on this incident in recent days and the government convened a National Coordination Mechanism regarding this matter today. Updates will be provided in due course. Speculation at this stage risks undermining significant work underway to support the company's response," she said.
The Australian Medical Association has demanded an urgent and transparent investigation into the ransomware attack.
"A thorough and transparent investigation is needed, with clear and consistent communication to the public and the profession. This is critical to maintaining community trust in the electronic systems that are now integral to the functioning of our health system," the AMA said.