An Australian e-prescription provider has experienced a significant setback following a data breach that exposed customer information on the dark web. Unfortunately, in the aftermath of this incident, the company has collapsed.
MediSecure, an online prescription provider, has recently faced significant challenges. The company unfortunately faced administration and liquidation following a major ransomware attack that resulted in the unauthorised disclosure of customer information on the dark web. Last month, a health provider based in Melbourne acknowledged a significant data breach. Personal information, along with the limited health information of individuals who used the service, was subsequently shared on a dark web forum.
MediSecure, a national prescription delivery service provider, has been in operation since 2009. It facilitates the delivery of prescriptions from prescribers to individuals’ chosen pharmacies. However, FTI Consulting has been appointed as voluntary administrators of Medisecure Limited and liquidators of its subsidiary business, Operations MDS Pty Ltd, as of Wednesday.
Operations MDS Pty Ltd has appointed Vaughan Strawbridge and Paul Harlond to oversee its operations and financial matters. According to their statement, MediSecure has been in communication with the federal government regarding the breach.
“Our role as administrators and liquidators includes investigating the affairs of the company to identify reasons for its failure, and to examine options that may be available to recover assets for the benefit of creditors of the companies,” Strawbridge said.
“We will be speaking to the Australian government about what they need from the company and the next steps in the response to the cyber incident.”
The initial creditors’ meeting is scheduled for 14 June.
Following the discovery of the data breach, MediSecure promptly implemented measures to minimise any potential harm to their systems.
“MediSecure takes its legal and ethical obligations seriously and appreciate this information will be of concern,” the company said in a statement on 16 May.e
The company issued another statement on 24 May to confirm the discovery of a data set on a dark web forum that contained customers’ personal information and a small amount of health information.
“While MediSecure is urgently working towards notifying the impacted individuals, we wish to reiterate and reassure the Australian community that this cyber security incident does not impact any ongoing access to medication,” they said.
According to the eHealth company, a problem with one of its third-party vendors most likely caused the cyber incident. Authorities are currently investigating the cause of the breach, according to Cyber Security Coordinator Michelle McGuinness.
In the most recent incident, Medibank, a health insurance giant, experienced a significant cyber attack that compromised the personal information of 9.7 million individuals in 2022. It is suspected that the attack is linked to a notorious ransomware group with Russian ties.
In its annual cyber threat update, the Australian Signals Directorate disclosed that there was a significant rise in the number of cybercrime reports made to the police in 2022–23. The figures indicate a 23% surge from the previous year, with nearly 94,000 reports filed.