MediSecure placed in administration, weeks after data breach

June 6, 2024

The cost of remedial work after a data breach has always been significant and sometimes extreme. Those costs typically start with bringing in cyber security experts and other IT people to locate the malware and find the point of ingress. Then there is repair work to be done. There may be significant damage to systems. Then there is the cost of assessing the damage, determining what has been stolen and reconstructing files. There are the notification obligations and the prudent steps to advise clients of what has happened. That involves PR/human resources staff. Then there are the potential legal issues, sometimes involving the regulator, sometimes a class action, sometimes getting advice. And the costs continue.

In the United States in 2023 the average cost of a data breach was $4.45 million according to Ponemon. The average cost of a data breach in the Middle East was $8.07 million, in Canada $5.13 million, in Germany $4.67 million and in Japan $4.52 million. These figures are almost certainly understatements. There is significant under-reporting and not all expenses are included in the calculations.

CEOs and CFOs are invariably shocked by the initial cost and the ongoing costs of dealing with a data breach. The phrase “a spoonful of prevention is worth a pound of cure” is apt. In my experience that rarely happens. Organisations often have the C suite far away from the IT and cyber security operations. Even CIOs focus on data collection and impressive homepages. Having a comprehensive data security system is a secondary concern. And oftentimes there is no data breach response plan.

A cost often not properly considered is the reputational damage to an organisation and the consequential loss of market. To highlight that, MediSecure suffered a data breach a few weeks ago. It has now appointed an administrator after its attempts to have the Federal Government bail it out failed. The ABC has covered the story, stating:

The health company at the centre of a recent cyber attack has gone into administration, just weeks after it asked the federal government for a bailout.

Script provider MediSecure at centre of ‘large-scale ransomware’ data breach

National cyber security coordinator Michelle McGuinness says the Australian Federal Police is also looking into the breach.

Some of the information stolen, including patient data relating to scripts and the personal information of healthcare providers, is now on the dark web for sale. The dark web is only accessible via specialised web browsers and is often used to sell illegal items, including stolen data.

The company went into administration on Monday but the details have only been released on Wednesday. Vaughan Strawbridge and Paul Harlond of FTI Consulting have been appointed as the administrators of MediSecure and liquidators of a subsidiary entity of MediSecure known as Operations MDS Pty Ltd.

In a statement Mr Strawbridge said the company recognised the concern and impact of the cyber incident.

“The company has been in contact with the Australian government with respect to providing information in response to that incident,” he said.

“Our role as administrators and liquidators includes investigating the affairs of the company to identify reasons for its failure, and to examine options that may be available to recover assets for the benefit of creditors of the companies.

“We will be speaking to the Australian government about what they need from the company and the next steps in the response to the cyber incident.”

Last month MediSecure requested a bailout from the federal government, but the request for financial support was declined.

MediSecure asks for government bailout after cyberhack

The health company at the centre of a cyber attack asks the federal government for a bailout, as personal information about some Australians is posted for sale online.

It was the first time a request for financial support had been made by a private company following a cyber attack. The federal government’s role is to provide technical assistance following an attack and it has never handed over cash to private companies.

In a statement issued on Friday, MediSecure defended its request for funding.

“MediSecure wishes to clarify that it sought funding from the Commonwealth government for the limited and confined purpose of assisting with the costs associated with responding to the incident, and the request was not for funding MediSecure’s operational costs unrelated to the cyber-attack,” the statement said.

The first meeting of creditors of MediSecure will be held within a few weeks.

Little detail around data stolen

To date, MediSecure has never detailed how many Australians have been affected by the attack or the extent of the data stolen, despite demands from the federal government for details.

Home Affairs and Cyber Security Minister Clare O’Neil said she asked the company to publicly outline what it knew and to notify those that had been affected, but was yet to receive a response.

“It has taken an unacceptably long time for MediSecure to provide clarity on the details of data that may have been stolen from them in the recent data breach,” she said in a statement on Friday.

“At this stage, we do not know the extent of the breach. However, people who may be affected need to be equipped with that knowledge so they can take appropriate precautions.

“The public would reasonably expect more regular updates on the progress of that process.”

MediSecure said it was trying to provide answers.

“We have also been working with cyber and forensic experts from McGrathNicol Advisory in collaboration with the National Cyber Security Coordinator, to endeavour as quickly as possible to confirm the extent of the data breach and all individuals impacted,” the statement said.

“We are grateful for their support, without which we would be unable to make progress with respect to the incident response.

“We appreciate this process has taken time, and MediSecure has continued to make every effort to assist the government in responding to this cyber-attack.”

The National Cyber Security Coordinator continues to lead the response to the attack, with federal police investigating.
