“The original compromise has been isolated and there is no evidence to suggest an increased cyber threat to the medical sector,” said the cybersecurity chief.
In a statement on Friday, the Coordinator characterized the MediSecure data breach as an “isolated” attack, assuring it has not disrupted the country’s widespread e-Prescription services. Patients can continue utilizing digital medical records and prescription capabilities as normal.
Additionally, the official noted a lack of evidence suggesting an amplified cyber threat facing the healthcare industry more broadly. While the full scope and cause of the MediSecure ransomware data breach remain under review, initial analysis reveals no signs of substantially growing dangers targeting other Australian medical organizations.
Following MediSecure’s disclosure of falling victim to a massive ransomware attack on Thursday, Australia’s National Cyber Security Coordinator Lieutenant General Michelle McGuinness provided an update on the situation.
MediSecure, an electronic prescriptions provider, reported being hit by a “large-scale ransomware data breach” that likely stemmed from one of its third-party vendors. In response, Lieutenant General McGuinness acknowledged government authorities are still piecing together details on the scope and type of data impacted.
Specifically, McGuinness noted ongoing work “to build a picture of the size and nature of the data that has been impacted by this data breach.”
“This discovery work often takes time and I understand Australians are anxious about the possibility of their personal information being affected,” McGuinness said.
McGuinness detailed the collaborative governmental response triggered in the wake of the MediSecure data breach. She activated the National Coordination Mechanism (NCM) on Thursday alongside representatives from the National Emergency Management Agency.
“The NCM allows us to achieve strong situational awareness and ensures that together, we’re best positioned to identify options available to the Australian Government to respond to the incident,” she added.
McGuinness sought to reassure the public that authorities were moving with their investigation into the MediSecure breach. She assured they were working at the highest urgency to finalize their examination and disclose findings.
“We will share this with you – along with what affected people may need to do to protect themselves,” McGuinness stated.
What Happened in the MediSecure Data Breach? The Timeline So Far
Details of the MediSecure ransomware breach first emerged when Australia’s National Cyber Security Coordinator addressed the situation on Thursday morning.
Lieutenant General Michelle McGuinness disclosed the “large-scale ransomware data breach incident” compromised individuals’ personal and medical information. She indicated her office was orchestrating a comprehensive governmental response to manage fallout from the major cyber intrusion.
“We are in the very preliminary stages of our response and there is limited detail to share at this stage, but I will continue to provide updates as we progress while working closely with the affected commercial organization to address the impacts caused by the incident,” McGuinness stated.
While not immediately naming the victimized company, McGuinness referred to it as a “commercial health information organization.” This suggested healthcare providers and patients could be at risk pending a full accounting of stolen files.
McGuinness’ statements opened initial discussion of the attacking gaining awareness of coordinated regulatory oversight, even with scarce facts known in the crisis’ early phases.
Local reports later identified the privately referenced “commercial health information organization” as MediSecure. This placed the e-prescription provider at the center of the large-scale ransomware breach first announced by McGuinness.
MediSecure’s websites had been down since Wednesday. But in a statement Thursday evening, the company directly acknowledged experiencing a cybersecurity incident. Early signs pointed to the breach originating from one of MediSecure’s third-party vendors.
While acknowledging compromised “personal and health information of individuals,” MediSecure withheld specifics on the number impacted, data types stolen, and perpetrators behind the MediSecure ransomware attack.
With MediSecure now identified, focus turned to their role as major Australian medical record provider and obligations to inform those put in harm’s way by the unspecified intrusion implicating a business partner network.
Lieutenant General McGuinness disclosed that in addition to her office’s coordination, both the Australian Cyber Security Centre and Australian Federal Police were involved in the response.
The AFP had launched an investigation into the MediSecure data breach. Meanwhile, the ACSC maintained active awareness to support coordination.
In an update on Friday, McGuinness revealed preliminary findings. Based on the investigation to date, she could confirm “no current ePrescriptions have been impacted or accessed.”
Furthermore, the Department of Health verified “there has been no impact to the ePrescription services currently in use.”
This indication that similar systems remained secure provided some reassurance. However,questions remained around the breach fallout, with MediSecure still withholding many key details about the attack’s scope and risks.
In her update, McGuinness noted initial technical advice indicating the compromise had been isolated within MediSecure, with no evidence of spillover risk to the medical sector overall.
Furthermore, investigators found no signs identity documents had been breached to date. McGuinness explained authorities were collaborating closely with MediSecure and associated bodies “to build a full picture of the impacted dataset.”
Reassuringly, she stated: “We have not seen evidence so far to suggest that anyone needs to replace their Medicare card.” However, McGuinness also acknowledged further examination could uncover risks necessitating document replacement.
Should discoveries emerge putting Australians’ identities at risk, officials stand ready to alert the public. For now, containment appeared achieved while the continuing probe aims to delineate harm and reassure patients their care and privacy face no present jeopardy.
On Friday morning, representatives from the Australian Medical Association (AMA) received an important briefing regarding the MediSecure data breach directly from Lieutenant General McGuinness’ office.
The AMA had previously called for a diligent and transparent investigation into the incident, stressing the need for clear, consistent public communications. They recognized how vital maintaining trust in digital healthcare systems has become.
During the meeting, the AMA expressed approval over plans to form a National Stakeholder Group aiding the coordinated government response. While anticipating additional disclosures, the organization emphasized the key message that “patients should not hesitate to get their prescriptions filled as these are not affected by the breach.”
About MediSecure
MediSecure operates as a prescription exchange service (PES), serving as a secure messaging system that facilitates the electronic transfer of prescriptions between healthcare providers and pharmacies.
Among Australian ePrescription providers, MediSecure represented one of two companies that grew prominently during the Covid-19 pandemic, issuing millions of digital orders beginning in 2020.
Statistics showcase the widespread adoption of ePrescriptions in Australia, with over 80,000 prescribers—including general practitioners and nurses—having generated more than 189 million electronic prescriptions as of January 2024 alone.
In May 2023, the Department of Health finalized a new four-year, $100 million+ contract with Fred IT Group to serve as the sole national ePrescription supplier through its eRx Script Exchange platform. This followed a tender process concluding on June 2nd, 2022.
Per the agreement, eRx Script Exchange became the single provider of Australia’s Prescription Delivery Service beginning July 1st, 2023.
As a result, public healthcare organizations and pharmacies were mandated to transition entirely from MediSecure’s platform to the eRx system for ePrescriptions going forward.
