This appeared a day or so ago:
Aussie cops probe MediSecure's 'large-scale ransomware data breach'
Throw another healthcare biz on the barby, mate
Fri 17 May 2024 // 23:31 UTC
Australian prescriptions provider MediSecure is the latest healthcare org to fall victim to a ransomware attack, with crooks apparently stealing patients' personal and health data.
"While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors," the e-script provider said in a statement on Thursday.
MediSecure did not indicate how many individuals were affected by the incident, but promised to "provide further updates via our website as soon as more information becomes available." It also said it is working with Oz's National Cyber Security Coordinator to "manage the impacts of the incident," and has notified regulatory agencies including the Office of the Australian Information Commissioner.
Australia's federal police are investigating the intrusion, which the National Cyber Security Coordinator described as a "large-scale ransomware data breach incident."
In a separate statement on Thursday, the country's top cybersecurity chief said the Australian government "continues to assist MediSecure," and that it's "still working to build a picture of the size and nature of the data that has been impacted by this data breach."
The statement continued:
From the information that is currently available to the government, no current ePrescriptions have been impacted or accessed. The Department of Health has confirmed there has been no impact to the ePrescription services currently in use.
On the basis of technical advice from MediSecure to date, the original compromise has been isolated and there is no evidence to suggest an increased cyber threat to the medical sector.
We are looking closely at any evidence about whether identity documents have been compromised in the breach, and are working with MediSecure, Services Australia, and state and territory credential issuing bodies to build a full picture of the impacted dataset.
We have not seen evidence so far to suggest that anyone needs to replace their Medicare card. If our investigation turns up any evidence to suggest Australians' identities are at risk and they need to replace their documents, we will let them know.
The government is also briefing health sector industry groups about the digital intrusion and response, including the Australian Medical Association, the Pharmacy Guild of Australia, and "major private hospital providers."
The MediSecure incident is yet another indication of ransomware crews increasingly targeting the healthcare sector as these organizations are responsible for safeguarding very sensitive medical and personal information belonging to millions.
- Australia imposes cyber sanctions on Russian it says ransomwared health insurer
- London Drugs closes all of its pharmacies following 'cybersecurity incident'
- UnitedHealth's 'egregious negligence' led to Change Healthcare ransomware infection
- Ransomware negotiator weighs in on the extortion payment debate with El Reg
Data thieves know this means the victim orgs are more likely to pay ransom demand — as we saw with the massive Change Healthcare attack in America with that company paying the criminals $22 million. Despite paying the extortion demand, more ransomware crooks reportedly started leaking sensitive data and extorting the company for even more money.
In late 2022, Australian health insurer Medibank fell victim to a ransomware attack with data of almost 10 million customers leaked.
Stolen info included medical treatment details belonging to about half a million Medibank customers, along with names, dates of birth, addresses, phone numbers and email addresses of 9.7 million individuals.
The now-defunct REvil crime gang was blamed for this attack, and Australian authorities accused Russia of harbouring the group.
Here is the link:
https://www.theregister.com/2024/05/17/medisecure_ransomware_attack/
Here is the Government’s response:
MediSecure cyber security incident
The Australian Government is working with former prescription delivery service provider MediSecure to respond to a cyber incident affecting the company.
This service enabled prescriptions to be delivered from prescribers to a pharmacy of an individual’s choice (for paper and electronic prescriptions). Until late 2023, MediSecure was one of two prescription delivery services operating nationally.
In May 2023 the Australian Government finalised a tender for this service, awarded exclusively to another company, Fred IT Group’s eRx Script Exchange (eRx).
The national prescription delivery service, eRx, is not affected by this cyber incident. Consumers can continue to access medicines safely, and healthcare providers can still prescribe and dispense as usual.
The National Cyber Security Coordinator is working with agencies across the Australian Government, as well as states and territories to coordinate a whole-of-government response to this incident.
We are in the preliminary stages of our response to the incident.
What data has been compromised?
What should I do if I think my data has been compromised?
Is there a risk my other medical records have been accessed?
How can I protect my information online?
What data has been compromised?
A MediSecure database containing the personal and limited health information of individuals relating to prescriptions, as well as healthcare provider information has been affected by this cyber security incident.
The affected data relates to prescriptions distributed by MediSecure’s systems up until November 2023.
Technical and forensic investigations are ongoing. Updates will be provided as those investigations progress.
What should I do if I think my data has been compromised?
Prescriptions continue to work as normal. People should keep accessing their medications and filling their prescriptions. This includes prescriptions (paper and electronic) that may have been issued up until November 2023.
Protecting my medical identification
Services Australia advises those who are concerned about healthcare card identifier details (such as Medicare, Pensioner Concession, Healthcare Concession, and Commonwealth Seniors), that your Medicare account cannot be accessed with your Medicare card number alone. Unlike a scan or copy of a Medicare card, a Medicare card number by itself cannot be used as proof of identity.
Services Australia advises that individuals do not need to take any action related to their Medicare, Pensioner Concession, Healthcare Concession, and Commonwealth Seniors cards.
Services Australia is examining other potential impacts to individuals’ identity security associated with breached card numbers.
More information about how Services Australia protects information in the event of data breaches is available on the Services Australia website.
Protecting my personal information
In any data breach involving sensitive personal information, it is essential that individuals can find proper support. The Office of the Australian Information Commissioner (OAIC) provides data breach support and resources on the OAIC website.
The IDMatch, a joint Australia, state and territory government initiative, provides guidance on how Australians can protect and remediate identity information. You can find clear, consistent guidance on how to protect identity information, how to minimise the likelihood and consequences of identity crime, and the steps to take to remediate compromised identities at the IDMatch website.
Identifying and reporting scams
The Australian Competition and Consumer Commission has established the National Anti-Scam Centre, to coordinate government, law enforcement and the private sector to combat scams. It operates Scamwatch, a service to support individuals to recognise, avoid and report scams.
Individuals can report suspected scams through to the National Anti-Scam Centre via Scamwatch through the National Anti-Scam website.
This website also hosts information to support individuals to protect themselves from scams and recognise the signs of a scam.
Identifying and reporting cyber security incidents
The Australian Signal’s Directorate’s Australian Cyber Security Centre (ASD’s ACSC) provides technical incident response advice and assistance to Australian organisations that have been impacted by a cyber security incident.
Cyber security incidents can be reported to the ASDs ACSC via the Australian Cyber Security Centre Hotline on 1300Cyber1 (1300 393 371) or online at ReportCyber.
I am a general practitioner, pharmacist or other medical professional. What advice should I give to my patients who may be impacted?
If you have a patient concerned that their information has been breached, direct them to this information page. We also ask you to advise your patients they can – and should – continue to fill their electronic and paper prescriptions and access their medications. The current prescription delivery service is not affected, and health care providers can still prescribe and dispense as usual.
I am a general practitioner, pharmacist or other medical professional. What action should I take if I think my Medicare Provider Number (MPN) or PBS prescriber number has been impacted?
MPNs and PBS prescriber numbers are already publicly available numbers that are printed on invoices, health certificates and patient referrals.
An MPN and PBS prescriber numbers is not enough information for a third party threat actor to access Medicare records or claiming systems. These claiming systems include security measures to prevent unauthorised access. Online channels and our telephony channels are protected by proof of record ownership processes.
If a health professional is notified that their MPN or PBS prescriber number has been exposed, they don’t need to request a new one.
Using the Health Professional Online Services (HPOS) system provides an additional measure of security if a healthcare provider needs to update their details, such as the address recorded against their MPN and PBS prescriber number, and banking details.
Is there a risk my other medical records have been accessed?
There is no risk to the current national prescription delivery service, eRx.
Additionally, digital systems supporting the Pharmaceutical Benefits Scheme, Medicare, Real Time Prescription Monitoring and My Health Record have not been impacted by this cyber security incident.
The impact of this incident is isolated to MediSecure’s systems only.
There is no evidence to suggest there is an increased cyber threat to the medical sector.
How can I protect my information online?
As an individual there are steps you can take to protect your personal information and online accounts, particularly if you think any of your information, such as logins or passwords, have been caught in a data breach.
Three simple steps you can take to be more secure online are:
· Set up multi-factor authentication to add an extra layer of security to your online accounts.
· Create strong and unique passphrases of 14 or more characters long for every account.
· Install software updates regularly to keep your devices secure.
By incorporating these simple steps into your daily online activity, you can significantly improve your personal cyber security.
Learn the basic steps to protect yourself online at cyber.gov.au, the Australian Government's trusted source of cyber security advice, and where you can receive the latest cyber information and advisories.
More Information
For more information regarding the cyber security incident impacting MediSecure, please visit MediSecure’s website.
Here is the link:
It looks to me that, as the service was no longer in use, that there is not a great amount of harm done – other than to remind system owners that they need to be alert of issues all the time!
The incident has been reported on globally and has been a wake-up call all over!
Another learning experience I guess!
David.
No comments:
Post a Comment