Hacked health provider MediSecure put into administration weeks after massive data breach

Online prescription provider MediSecure has collapsed into administration and liquidation just weeks after a large-scale ransomware attack resulted in customer details being leaked on the dark web.The Melbourne-based health provider last month confirmed the massive data breach had taken place, with the personal information and some limited health information of people who used the service later being posted on a dark web forum.

MediSecure, which has operated since 2009, was a national prescription delivery service provider which enabled prescriptions to be delivered from prescribers to a pharmacy of an individual’s choice.

But on Wednesday, FTI Consulting were appointed as voluntary administrators of Medisecure Limited and liquidators of its subsidiary business, Operations MDS Pty Ltd.

Vaughan Strawbridge and Paul Harlond have been appointed as administrators and liquidators of a subsidiary know as Operations MDS Pty Ltd.

In a statement, they said MediSecure had been in contact with the federal government regarding the breach.

“Our role as administrators and liquidators includes investigating the affairs of the company to identify reasons for its failure, and to examine options that may be available to recover assets for the benefit of creditors of the companies,” Mr Strawbridge said.

“We will be speaking to the Australian government about what they need from the company and the next steps in the response to the cyber incident.”

A first meeting of creditors will take place on June 14.

After the data breach was first detected MediSecure took immediate steps to mitigate any impact on their systems.

“MediSecure takes its legal and ethical obligations seriously and appreciate this information will be of concern,” the company said in a statement on May 16.

In a further statement on May 24, the company confirmed a data set containing customers’ personal information and some limited health information had been made available on a dark web forum.

“While MediSecure is urgently working towards notifying the impacted individuals, we wish to reiterate and reassure the Australian community that this cyber security incident does not impact any ongoing access to medication,” they said.

The eHealth business said the cyber incident had likely originated from an issue with one of its third-party vendors.

At the time, Cyber Security Coordinator Michelle McGuinness said authorities were investigating the cause of the breach.

The latest breach follows health insurance giant Medibank fell victim to a major cyber hack that affected the personal details of 9.7 million people in 2022.

The attack was believed to be linked to a well-known ransomware group based in Russia.

The Australian Signals Directorate revealed in its annual cyber threat update that nearly 94,000 reports of cybercrime were made to police in 2022-23, an increase of 23 per cent from the previous year.