MediSecure hit by cyber security breach – Security

Electronic prescription provider MediSecure has revealed that “personal and health information of individuals” may have been caught up in a cyber security breach.

The Australian company has replaced its website with a statement that attributed the incident to a “third-party provider” to MediSecure.

“We have taken immediate steps to mitigate any potential impact on our systems,” it said.

“While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors.”

MediSecure is a prescription exchange service (PES), a kind of secure messaging system that “specialises in transferring prescriptions between prescribers and [a] dispenser”.

“MediSecure understands the importance of transparency and will provide further updates via our website as soon as more information becomes available,” the company added.

“We appreciate your patience and understanding during this time”.

MediSecure said it is working with the Australian Digital Health Agency and the National Cyber Security Coordinator and has also notified the Office of the Australian Information Commissioner and “other key regulators”.

Earlier today, national cyber security coordinator Lieutenant General Michelle McGuinness revealed that an unspecified “health information organisation” was the “victim of a large-scale ransomware data breach incident” on May 15.

In a LinkedIn post and an official statement, she said: “I am working with agencies across the Australian government, states and territories to coordinate a whole-of-government response to this incident.”

According to McGuinness, the Australian Cyber Security Centre is aware of the incident and the Australian Federal Police is investigating.

ITnews has contacted both organisations for further comment.

“We are in the very preliminary stages of our response and there is limited detail to share at this stage, but I will continue to provide updates as we progress while working closely with the affected commercial organisation to address the impacts caused by the incident,” McGuinness added.

The government, through the Department of Health and Aged Care, last year established the national Prescription Delivery Service, which is provided by a different PES operator, eRx.

General practices and pharmacies now run e-scripts through eRx. 

This meant any general practices would no longer be able to create new eScripts, cancel or delete scripts previously generated in MediSecure, although they could still access older scripts on MediSecure servers.