Medical data breaches hit medical industry in Australia and overseas
May 17, 2024
The health industry is a prime target for cyber attacks. On the one hand, hospitals, medical surgeries and health industry organisations collect vast amounts of personal and financial information. On the other, the industry is notoriously prone to attack. In the United States, Singing River Health System has been hacked, with the records of 895,000 stolen, while an attack on Ascension has resulted in ambulances being diverted and EHRs taken offline. But it is Australia where one of the most significant attacks in the health industry has occurred. There has been a data breach at MediSecure, a company which provides electronic prescriptions and monitoring. There is good coverage by the Australian Financial Review, which puts this attack in the context of large scale data breaches in Australia in the last year or so.
Given that MediSecure, a name that is deeply ironical today, is the only accredited electronic provider of prescriptions, this is a potentially disastrous development.
As per usual in the Australian environment, MediSecure has released a very brief (non) statement which provides:
MediSecure has identified a cyber security incident impacting the personal and health information of individuals. We have taken immediate steps to mitigate any potential impact on our systems.
While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors.
MediSecure takes its legal and ethical obligations seriously and appreciates this information will be of concern. MediSecure is actively assisting the National Cyber Security Coordinator to manage the impacts of the incident. MediSecure has also notified the Office of the Australian Information Commissioner and other key regulators.
MediSecure understands the importance of transparency and will provide further updates via our website as soon as more information becomes available. We appreciate your patience and understanding during this time.
While most of the statement is pap, what is relevant is that the breach came through a third party vendor. That is a common entrepot for major data breaches. Many organisations have not properly grappled with ensuring that third party operators with authorisations and access rights to their