See if your information has been exposed in a data breach with our latest free tool Check Now
Cyber crime

The MediSecure ransomware attack: what you need to know

Shanna Hall
4 Min
medical cross symbol

Australia’s national cybersecurity coordinator recently announced that a large-scale ransomware data breach is impacting a commercial healthcare organisation and that agencies are working on a whole-of-government response. 

Media reports have revealed the organisation is MediSecure, a major e-prescriptions provider. MediSecure facilitates electronic prescribing and dispensing of prescriptions across the nation. The company’s website is currently offline. In a statement, MediSecure confirmed that it has identified a cyber security incident that puts private personal and health information at risk – a major concern, especially considering that stolen data can fuel further cyber attacks, as we saw with the Medibank breach

National cybersecurity coordinator Michelle McGuinness has said they are in “very preliminary stages of our response and there is limited detail to share at this stage,” while a MediSecure spokesperson has also said investigations are underway. 

So what do we know so far?

How did the MediSecure ransomware attack happen?

In a statement on the MediSecure website, the business says the incident likely stemmed from a third-party vendor and that it has taken immediate mitigating steps.

“While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors. MediSecure takes its legal and ethical obligations seriously and appreciate this information will be of concern.”

Third-party vendors are a common attack vector for cybercriminals. In our discussion with Lance Rubin, founder/owner of financial modelling consultancy Model Citizn, Lance explained that his business was targeted because they worked closely with large organisations and government entities.

“It’s not you as a business, it’s actually how you’re connected to the broader, industry finance ecosystem… I’d say that probably anyone who’s in financial services and a small business is probably at a greater risk because we’re so trusted, because we’ve got access to our clients information. And therefore it’s not necessarily our own data [that hackers want], it’s our client’s data.”

What is a ransomware attack, exactly?

Australia has seen a growing number of high-profile ransomware attacks, including those against Medibank, Latitude Financial and HWL Ebsworth.

Ransomware attacks involve a malicious actor infiltrating a system to lock or encrypt your files, assets and data, then demanding a ransom for the release of those files. A now-ubiquitous tactic involves demanding a ransom not to leak or sell highly sensitive information or intellectual property. For organisations that store data relating to legal, financial or health-related areas, the dissemination of that information can be especially devastating – unfortunately, this makes them a common target for ransomware attacks.

In particular, healthcare organisations are popular targets for cyber attacks. A similar attack rocked the entire US health system, when a cyber attack immobilised one of the country’s largest health payment and prescription processors, Change Healthcare. The attack resulted in critical delays impacting pharmacies, clinics, hospitals and insurers.

What will happen in the wake of the MediSecure cyber attack?

MediSecure is cooperating with the Australian Digital Health Agency and national cyber security authorities to manage the incident’s impacts. Previously, it held a government contract for providing PBS e-script services until late 2022, when exclusivity was granted to another firm, eRx.

Cyber Security Minister Clare O’Neil confirmed being briefed on the breach. She said a national coordination mechanism has been convened, with updates to be provided later to avoid undermining the response efforts.

The Australian Medical Association president has pushed for urgent briefings, calling for a thorough, transparent investigation backed by clear public communication to maintain trust in electronic health systems.

Stolen data can heighten your AP team’s cyber risks

Ransomware attacks have devastating consequences for the organisations and individuals impacted, but there are knock-on effects even for those who aren’t directly affected. A joint police operation claims to have linked 11,000 cybercrime incidents to the Medibank data breach, illustrating how stolen data can act as kindling for other cyber attacks.

Many accounts payable (AP) and finance professionals are on the frontlines of business scams and cybercrime. With stolen data facilitating even more scams, consider two important areas necessary for protecting yourself:

  • Employee awareness. Staff need to be kept informed and alert to the potential for scams and the warning signs to notice. This means regular training but also keeping them up-to-date on the latest breaches, risks and scam tactics.
  • Anti-fraud processes. Humans are fallible, which means that employee awareness cannot and should not be your final line of defence. Instead, look for automated and centralised way to enforce strong anti-fraud controls like segregation of duties.
Cybersecurity Guide f
Learn the latest scam risks and how to protect your business
Whether you want to keep your team informed or reassess your security control procedures (or, ideally, both!), our latest Cybersecurity Guide for CFOs can help.

Related articles

Cyber crime

Where does cybercrime come from?

Where does cybercrime originate? A private investigator, along with a world-first study into cybercrime origins, reveals who is behind common types of cyber attacks.

Read more

The new security standard for business payments

Eftsure provides continuous control monitoring to protect your eft payments. Our multi-factor verification approach protects your organisation from financial loss due to cybercrime, fraud and error.