The electronic prescriptions provider confirmed the incident in a statement on May 16, which it admitted has impacted the personal and health information of individuals.
The company confirmed that the attack was caused by an attack on a third-party supplier.
No indication has been given as to the nature of the information that has potentially been accessed.
Currently, no data appears to have been released online and the attackers have not been identified publicly.
Medisecure's website and phone lines are also out of operation at the time of writing.
The firm said it has taken immediate steps to mitigate any potential impact on its systems and is actively assisting Australia's National Cyber Security Coordinator to manage the incident.
The Office of the Australian Information Commissioner and other key regulators have also been notified.
The incident is also being investigated by the Australian Federal Police.
Both MediSecure and McGuiness said they will continue to provide updates when they become available.
The MediSecure incident follows a broader trend of healthcare organizations being targeted by ransomware attacks.
Comparitech researchers have logged 24 confirmed ransomware attacks on US healthcare organizations so far in 2024.
This followed 126 such attacks in 2023, which affected at least 17.6 million records.
A ransomware incident is currently affecting US private healthcare giant Ascension, which has led to ambulances being diverted and patient appointments being postponed.
The attack has reportedly been perpetrated by the Black Basta ransomware group.
In February 2024, US health payment provider Change Healthcare was also hit by a ransomware attack, severely disrupting patient care across the US. Change's owner UnitedHealth later confirmed that it paid the BlackCat ransomware group a ransom to restore its systems, reportedly around $22m, to restore its systems.
Healthcare is a lucrative target for ransomware attackers, due both to the highly sensitive information held and the potential harm to patient health.
This Cyber News was published on www.infosecurity-magazine.com. Publication date: Fri, 17 May 2024 10:35:11 +0000