Aussie cops probe MediSecure's 'large-scale ransomware data breach'

Throw another healthcare biz on the barby, mate


Australian prescriptions provider MediSecure is the latest healthcare org to fall victim to a ransomware attack, with crooks apparently stealing patients' personal and health data.

"While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors," the e-script provider said in a statement on Thursday. 

MediSecure did not indicate how many individuals were affected by the incident, but promised to "provide further updates via our website as soon as more information becomes available." It also said it is working with Oz's National Cyber Security Coordinator to "manage the impacts of the incident," and has notified regulatory agencies including the Office of the Australian Information Commissioner.

Australia's federal police are investigating the intrusion, which the National Cyber Security Coordinator described as a "large-scale ransomware data breach incident." 

In a separate statement on Thursday, the country's top cybersecurity chief said the Australian government "continues to assist MediSecure," and that it's "still working to build a picture of the size and nature of the data that has been impacted by this data breach."

The statement continued:

From the information that is currently available to the government, no current ePrescriptions have been impacted or accessed. The Department of Health has confirmed there has been no impact to the ePrescription services currently in use.

On the basis of technical advice from MediSecure to date, the original compromise has been isolated and there is no evidence to suggest an increased cyber threat to the medical sector.

We are looking closely at any evidence about whether identity documents have been compromised in the breach, and are working with MediSecure, Services Australia, and state and territory credential issuing bodies to build a full picture of the impacted dataset.

We have not seen evidence so far to suggest that anyone needs to replace their Medicare card. If our investigation turns up any evidence to suggest Australians' identities are at risk and they need to replace their documents, we will let them know. 

The government is also briefing health sector industry groups about the digital intrusion and response, including the Australian Medical Association, the Pharmacy Guild of Australia, and "major private hospital providers."

The MediSecure incident is yet another indication of ransomware crews increasingly targeting the healthcare sector as these organizations are responsible for safeguarding very sensitive medical and personal information belonging to millions. 

Data thieves know this means the victim orgs are more likely to pay a ransom demand — as we saw with the massive Change Healthcare attack in America, with that company paying the criminals $22 million. Despite paying the extortion demand, more ransomware crooks reportedly started leaking sensitive data and extorting the company for even more money.

In late 2022, Australian health insurer Medibank fell victim to a ransomware attack with data of almost 10 million customers leaked.

Stolen info included medical treatment details belonging to about half a million Medibank customers, along with names, dates of birth, addresses, phone numbers and email addresses of 9.7 million individuals.

The now-defunct REvil crime gang was blamed for this attack, and Australian authorities accused Russia of harboring the group. ®
