The ABC can confirm script provider MediSecure is the health organisation at the centre of the large-scale ransomware data breach announced by the National Cyber Security Coordinator on Thursday.
MediSecure’s website has been pulled, and the company has posted a statement saying it has identified a cyber security incident impacting “the personal and health information of individuals”.
The company is a prescription exchange service, which facilitates electronic prescribing and dispensing of prescriptions.
It says it has “taken immediate steps to mitigate any potential impact on our systems”, and believes the incident originated from a third-party vendor.
“MediSecure takes its legal and ethical obligations seriously and appreciates this information will be of concern.
“MediSecure is actively assisting the Australian Digital Health Agency and the National Cyber Security Coordinator to manage the impacts of the incident.”
Earlier, the National Cyber Security Coordinator Michelle McGuiness was unable to share what company had been affected.
“I am working with agencies across the Australian government, states and territories to coordinate a whole-of-government response to this incident,” Lieutenant-General McGuinness said in a statement on social media platform X.
“We are in the very preliminary stages of our response and there is limited detail to share at this stage, but I will continue to provide updates as we progress while working closely with the affected commercial organisation to address the impacts caused by the incident.”
The organisation is also working with the Australian Federal Police.
Cyber Security Minister Care O’Neil says she was briefed on the breach, and the government had convened a National Coordination Mechanism.
“Updates will be provided in due course,” she said on social media platform X.
“Speculation at this stage risks undermining significant work underway to support the company’s response.”
© 2020 Australian Broadcasting Corporation. All rights reserved.
ABC Content Disclaimer