Major prescription vendor down over ransomware

MediSecure, one of two electronic prescription providers in Australia, went offline after a third party fell victim to a ransomware attack. Private user data was likely exposed.

The cybersecurity incident impacted the “personal and health information of individuals,” MediSecure said in a statement. While the extent of the breach is not known, the platform said it has taken steps to mitigate the attack.

While the company does not discuss the nature of the attack, local media reported that Australia’s national cybersecurity coordinator has revealed it was a ransomware attack. No ransomware cartel has claimed responsibility for the attack so far.

At the time of writing, MediSecure’s website greeted users with a statement about the breach and did not provide any other functionality.

“While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors,” reads the public statement.

MediSecure is one of two Australia’s electronic prescription providers, issuing millions of prescriptions.

Exposing personal medical data poses severe risks for affected individuals as attackers could use the information for identity theft, financial fraud, targeted phishing attacks, blackmail, and potentially compromise patients’ medical histories and personal information.

Individual healthcare data can be sold on dark web forums. For example, malicious actors can use medical details for medical identity theft, a type of fraud where threat actors use stolen information to submit forged claims to health insurers.

MediSecure said that it’s closely working with the National Cyber Security Coordinator and has notified the Office of the Australian Information Commissioner and other authorities.

Australia has been attracting cybercriminals over the last few years. In 2022, threat actors stole data from Australia’s second-largest telecoms provider Optus. Later, attackers targeted Australia’s largest health insurer, Medibank; the country’s largest telecoms company, Telstra; one of the country’s largest port operators, DP World Australia, and others.