Yet another provider in the healthcare data sector has fallen foul of hackers, prompting the Federal Government to issue a warning for customers of MediSecure to be on the lookout for potential scams.
MediSecure has confirmed the incident impacted the personal and health information of people held by the company’s systems up until November 2023.
“We have taken immediate steps to mitigate any potential impact on our systems,” MediSecure said in a statement. “While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors.”
“We can confirm the cyber security incident impacts personal information and limited health information relating to prescriptions. Additionally, this cyber security incident also impacts the personal information of healthcare providers.
“MediSecure understands this will be concerning to our customers, and we are working very hard to communicate with impacted individuals as soon as possible. We appreciate your continued patience, and we will provide further updates to the community when available.”
Until late 2023, MediSecure was one of two prescription delivery services operating nationally, when the tender for this service was awarded exclusively to another company, Fred IT Group’s eRx Script Exchange (eRx).
The Government said there was no risk to the current national prescription delivery service, eRx, and that the digital systems supporting the Pharmaceutical Benefits Scheme, Medicare, Real Time Prescription Monitoring and My Health Record had not been affected.
“The impact of this incident is isolated to MediSecure’s systems only. There is no evidence to suggest there is an increased cyber threat to the medical sector,” it said in a statement.
“The National Cyber Security Coordinator is working with agencies across the Australian Government, as well as states and territories to coordinate a whole-of-government response to this incident.”
The Government has advised GPs and pharmacists to direct concerned patients to the information page and noted that if a health professional is notified that their MPN or PBS prescriber number has been exposed, they do not need to request a new one.
“We also ask you to advise your patients they can – and should – continue to fill their electronic and paper prescriptions and access their medications. The current prescription delivery service is not affected, and health care providers can still prescribe and dispense as usual,” the Department of Home Affairs said in a statement.
“An MPN and PBS prescriber numbers is not enough information for a third-party threat actor to access Medicare records or claiming systems. These claiming systems include security measures to prevent unauthorised access. Online channels and our telephony channels are protected by proof of record ownership processes.
“Using the Health Professional Online Services (HPOS) system provides an additional measure of security if a healthcare provider needs to update their details, such as the address recorded against their MPN and PBS prescriber number, and banking details.”
More information is available at: https://www.homeaffairs.gov.au/about-us/our-portfolios/cyber-security/cyber-coordinator/medisecure-cyber-security-incident