Aussie cops probe MediSecure's 'large-scale ransomware data breach'

Throw another healthcare biz on the barby, mate

Australian prescriptions provider MediSecure is the latest healthcare org to fall victim to a ransomware attack, with crooks apparently stealing patients' personal and health data.

"While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors," the e-script provider said in a statement on Thursday. 

MediSecure did not indicate how many individuals were affected by the incident, but promised to "provide further updates via our website as soon as more information becomes available." It also said it is working with Oz's National Cyber Security Coordinator to "manage the impacts of the incident," and has notified regulatory agencies including the Office of the Australian Information Commissioner.

Australia's federal police are investigating the intrusion, which the National Cyber Security Coordinator described as a "large-scale ransomware data breach incident." 

In a separate statement on Thursday, the country's top cybersecurity chief said the Australian government "continues to assist MediSecure," and that it's "still working to build a picture of the size and nature of the data that has been impacted by this data breach."

The statement continued:

From the information that is currently available to the government, no current ePrescriptions have been impacted or accessed. The Department of Health has confirmed there has been no impact to the ePrescription services currently in use.

On the basis of technical advice from MediSecure to date, the original compromise has been isolated and there is no evidence to suggest an increased cyber threat to the medical sector.

We are looking closely at any evidence about whether identity documents have been compromised in the breach, and are working with MediSecure, Services Australia, and state and territory credential issuing bodies to build a full picture of the impacted dataset.

We have not seen evidence so far to suggest that anyone needs to replace their Medicare card. If our investigation turns up any evidence to suggest Australians' identities are at risk and they need to replace their documents, we will let them know. 

The government is also briefing health sector industry groups about the digital intrusion and response, including the Australian Medical Association, the Pharmacy Guild of Australia, and "major private hospital providers."

The MediSecure incident is yet another indication of ransomware crews increasingly targeting the healthcare sector as these organizations are responsible for safeguarding very sensitive medical and personal information belonging to millions. 

Data thieves know this means the victim orgs are more likely to pay a ransom demand, as we saw with the massive Change Healthcare attack in America, with that company paying the criminals $22 million. Despite paying the extortion demand, more ransomware crooks reportedly started leaking sensitive data and extorting the company for even more money.

In late 2022, Australian health insurer Medibank fell victim to a ransomware attack with data of almost 10 million customers leaked.

Stolen info included medical treatment details belonging to about half a million Medibank customers, along with names, dates of birth, addresses, phone numbers and email addresses of 9.7 million individuals.

The now-defunct REvil crime gang was blamed for this attack, and Australian authorities accused Russia of harboring the group. ®
