Administrators called in by MediSecure following cyber breach

MediSecure, an electronic prescription provider, has voluntarily entered administration less than a month after experiencing a cyber breach.

On June 3, the company appointed administrators from FTI Consulting, Paul Harlond and Vaughan Strawbridge. The following day, they were appointed as liquidators.

Vaughan Strawbridge stated, “The recent cyber incident has caused significant concern and impact. The company has engaged with the Australian government to provide necessary information in response to the incident.”

Discussing the company’s next steps in response to the cyber incident, he added, “We will be liaising with the Australian government to understand their requirements and plan the course of action.”

The initial creditor meeting is set for June 14.

MediSecure’s most recent statement on May 31 mentioned seeking governmental assistance for the “expenses related to addressing the incident” without requesting operational funding unrelated to the cyber attack.

The company also stated in the same release that it had been “examining the exposed data set on a dark web platform to identify affected individuals following the data’s recent restoration.”

An initial alert about a significant breach was first reported by the National Cyber Security Coordinator, indicating an unspecified “health information organization” as the target of a ransomware attack on May 15, as revealed here.

MediSecure acknowledged the cyber breach the following day, May 16, identifying it as an incident impacting personal and health information of individuals.

MediSecure operated as a Prescription Exchange Service (PES), a secure messaging system specializing in transferring prescriptions between prescribers and dispensers.

The government, via the Department of Health and Aged Care, established the national Prescription Delivery Service last year, operated by a different PES provider, eRx.

The Department of Home Affairs has affirmed that eRx remains unaffected by the MediSecure cyber incident.

The department assured, “Consumers can safely access medicines, and healthcare providers can continue to prescribe and dispense as usual.”

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts