Yesterday, MediSecure, an Australian, digital prescription company, announced that the medical data of its million customers is at risk after hackers accessed their systems and demanded a ransom from the company.
At this time, MediSecure’s website and phone lines are out of operation.
“MediSecure has identified a cyber security incident impacting the personal and health information of individuals. We have taken immediate steps to mitigate any potential impact on our systems. While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors,” the company said in a statement posted to its landing page.
Exactly what was taken is unknown but between 2020 and 2023, doctors issued more than 122 million digital scripts across the platforms.
MediSecure, based in Melbourne, was one of two companies awarded contracts by the federal government to provide public e-script services until late last year, when the contract was granted exclusively to another company and MediSecure transferred all publicly- funded electronic prescriptions and data to eRx.
No data appears to have been released online from the MediSecure hack and the hackers have not been identified publicly.
Stephen Gates, Principal Security SME, Horizon3.ai had this to say:
“Supply chain risks are becoming more prominent as attackers increasingly focus their efforts on smaller suppliers, who are often the weakest link. This fact poses a significant threat to the operational integrity and business continuity of buying and/or partnering organizations, making it a critical issue for CEOs, COOs, and CISOs to promptly address.
“Today’s organizations must affirm that their cyber-attack surface is no longer just their own. It now encompasses all of their third-party suppliers and partners’ attack surfaces as well. Therefore, not only do upstream buyers need to continuously assess their own cyber risk, but they also need to encourage and even demand their suppliers are doing the same.”
Another day, another third party hack. Sigh. You have to wonder what it will take for organizations to learn that they need to make their suppliers demonstrate that they are as secure as possible. Because this nonsense can’t continue.
Related
This entry was posted on May 17, 2024 at 8:34 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
MediSecure Ransomware Attack Impacts Millions of Australians
Yesterday, MediSecure, an Australian, digital prescription company, announced that the medical data of its million customers is at risk after hackers accessed their systems and demanded a ransom from the company.
At this time, MediSecure’s website and phone lines are out of operation.
“MediSecure has identified a cyber security incident impacting the personal and health information of individuals. We have taken immediate steps to mitigate any potential impact on our systems. While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors,” the company said in a statement posted to its landing page.
Exactly what was taken is unknown but between 2020 and 2023, doctors issued more than 122 million digital scripts across the platforms.
MediSecure, based in Melbourne, was one of two companies awarded contracts by the federal government to provide public e-script services until late last year, when the contract was granted exclusively to another company and MediSecure transferred all publicly- funded electronic prescriptions and data to eRx.
No data appears to have been released online from the MediSecure hack and the hackers have not been identified publicly.
Stephen Gates, Principal Security SME, Horizon3.ai had this to say:
“Supply chain risks are becoming more prominent as attackers increasingly focus their efforts on smaller suppliers, who are often the weakest link. This fact poses a significant threat to the operational integrity and business continuity of buying and/or partnering organizations, making it a critical issue for CEOs, COOs, and CISOs to promptly address.
“Today’s organizations must affirm that their cyber-attack surface is no longer just their own. It now encompasses all of their third-party suppliers and partners’ attack surfaces as well. Therefore, not only do upstream buyers need to continuously assess their own cyber risk, but they also need to encourage and even demand their suppliers are doing the same.”
Another day, another third party hack. Sigh. You have to wonder what it will take for organizations to learn that they need to make their suppliers demonstrate that they are as secure as possible. Because this nonsense can’t continue.
Share this:
Like this:
Related
This entry was posted on May 17, 2024 at 8:34 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.