An unnamed “commercial health information organization” in Australia recently fell victim to a cyber attack, according to reports from Australian media. The attack specifically targeted digital prescriptions for Australian patients and affected Melbourne-based company MediSecure. The Australian government is currently in the early stages of its response and investigations are ongoing, so there is limited information available at this time. It is common for investigations of this nature to take several days or even weeks before a full understanding of the impact can be determined.
While the investigation continues, it is important for the public to remain vigilant against potential scams that may arise in the coming days, even if they have not received a digital prescription before. It is not yet known who exactly has been affected by the breach. It is possible that the data indicating which healthcare practices were using MediSecure’s prescription service is currently inaccessible due to the ransomware incident. Alternatively, the government may be working with providers to plan communications with those affected, which would be an effective way to share information in a timely manner.
For individuals who received prescriptions prior to November 2023, it is possible that their medical practice was using MediSecure’s prescription system. They can check this by reviewing older scripts and checking whether the hyperlink was issued via MediSecure. However, it is important to note that there is currently no information available to confirm who exactly has been affected by the breach.
From November 15, 2023, MediSecure ceased processing prescriptions in Australia after the contract was awarded to eRx through a tender process. The government has assured the public that services provided by eRx have not been affected. Individuals should continue accessing their medications and filling their prescriptions as usual, including both paper and electronic prescriptions issued before November 2023.
It is crucial to remain cautious of potential scams that may arise in connection with this incident. Investigations are ongoing to determine the extent of the breach, including whether data was stolen in addition to the company being locked out of its systems. There is a possibility that unrelated criminal groups may take advantage of the public interest in this story and create scams. Following the Optus data breach, criminals quickly established new campaigns to manipulate the public, and a similar situation may occur with the MediSecure breach.
If the criminals behind the ransomware attack have indeed taken the data for their own use, there could be significant consequences. Scammers could use personal information, prescription data, and potentially a person’s Medicare card number to make their campaigns appear authentic. For example, they may send an official-looking email that includes the final four digits of a person’s Medicare card to “verify” its authenticity, claiming that the full number is not included for security reasons. If stolen data is released, it could be used by other criminals in their campaigns, as seen with the Optus data breach.
The investigation into the MediSecure breach will continue in the coming weeks to determine the extent of the data accessed and how many people are affected. So far, the assurance given is that no identity documentation is at risk, as Medicare records contain limited information that cannot be used for identity theft. The most important message at this time is to remain vigilant and be aware of potential scams that may arise in connection with this incident. If individuals receive direct communications claiming to be from MediSecure, they should refer to the Home Affairs website for the latest information. The Australian Competition and Consumer Commission’s Little Black Book of Scams is also a valuable resource for raising awareness of cyber criminals’ techniques.