MediSecure not secure - massive hack.

[Bobby]

https://www.abc.net.au/news/2024-05-16/ ... /103856582

16th May 2024 updated 26m ago

The ABC can confirm e-script provider MediSecure is the health organisation
at the centre of the large-scale ransomware data breach
announced by the National Cyber Security Coordinator on Thursday.

MediSecure's website has been pulled, and the company has posted a statement saying it has identified a cyber security incident impacting "the personal and health information of individuals".

The company is a prescription exchange service, which facilitates electronic prescribing and dispensing of prescriptions.

It says it has "taken immediate steps to mitigate any potential impact on our systems", and believes the incident originated from a third-party vendor.

"MediSecure takes its legal and ethical obligations seriously and appreciates this information will be of concern.

"MediSecure is actively assisting the Australian Digital Health Agency and the National Cyber Security Coordinator to manage the impacts of the incident."

Earlier, the National Cyber Security Coordinator Michelle McGuiness was unable to share what company had been affected.

"I am working with agencies across the Australian government, states and territories to coordinate a whole-of-government response to this incident," Lieutenant-General McGuinness said in a statement on social media platform X.

"We are in the very preliminary stages of our response and there is limited detail to share at this stage, but I will continue to provide updates as we progress while working closely with the affected commercial organisation to address the impacts caused by the incident."


The organisation is also working with the Australian Federal Police.

Cyber Security Minister Care O'Neil says she was briefed on the breach, and the government had convened a National Coordination Mechanism.

"Updates will be provided in due course," she said on social media platform X.

"Speculation at this stage risks undermining significant work underway to support the company's response."

In October 2022, Medibank revealed hackers accessed the personal data of all customers across its Medibank, ahm and OSHC brands, affecting millions of Australians.
Back to top

[Bobby]

But the new Digital ID system will be unhackable? - yeah right.

https://www.afr.com/technology/electron ... 516-p5je6m

Australia has been roiled by several major hacks in recent years, including on
Optus, Medibank, Latitude Financial, law firm HWL Ebsworth and stevedore DP World.

Electronic prescriptions company hacked in major ransomware breach


The Australian cyber security co-ordinator has confirmed it is managing the fallout from a serious hack and extortion attempt on a healthcare information company.

The Australian Financial Review can reveal the company that has had data stolen is MediSecure, an electronic prescriptions provider. Its software lets people get their scripts from their doctor digitally, raising the spectre of personal medication information being leaked online.

On Thursday, the company’s website was down and its phone lines were out of operation. In a statement posted to its otherwise empty website, the company said it had taken steps to limit the damage of the hack and was working with authorities.

[Black Orchid]

I use cash wherever I can and will continue to do so. Albo is going to ban ChemistWarehouse from applying their $1 discounts to prescriptions even though they are legally allowed to do so.

[Bobby]

I use cash wherever I can and will continue to do so. Albo is going to ban ChemistWarehouse from applying their $1 discounts to prescriptions even though they are legally allowed to do so.

Really?

[Bobby]

The penalties are not sufficient to increase security in companies
that guard our highly personal data.

Was anyone compensated for having their personal data available
to criminals on the dark web?
Optus never compensated me.

[Bobby]

Cyber crime costing the Australian economy $30 billion a year.



The war against data hackers is ramping up. In the wake of the Optus and Medibank scandals – Canberra is looking at ways to defend our cyber borders by throwing up new internet blocks and making it illegal to pay data ransoms.

[Bobby]

What worries me is that there is no path for compensation if your ID is hacked.
It's the same with Optus where 10 million records were stolen including mine -
all out there on the dark web.
What compensation did we receive? - nothing zero.

[Bobby]

Back to Optus:

https://www.cyberdaily.au/security/1062 ... ort-secret


Optus loses appeal to keep Deloitte cyber attack report secret

The Federal Court has dismissed Optus’ appeal to hold back a Deloitte report into its 2022 cyber attack from class action lawyers.
user icon David Hollingworth • Mon, 27 May 2024

The Australian Federal Court has ruled that Optus will not be able to keep a report it commissioned from professional services firm Deloitte regarding its 2022 cyber attack out of the hands of lawyers representing a class action against the telco.

Optus had claimed that the report and its contents were protected under legal professional privilege and that it was primarily commissioned to provide legal advice. However, Federal Court judge Justice Jonathan Beach ruled against this claim in November, saying there were “problematic aspects” to the company’s claim.

Justice Beach determined that since the report had been mentioned in an Optus press release, and then Optus CEO had said the report would “help inform the response to the incident”, its “dominant purpose was not a legally privileged purpose”.

“This is hardly the stuff of a report being prepared or used predominantly for legal advice or a litigation purpose,” said at the time.

The report must now be shared with law firm Slater & Gordon, which is pursuing the class action on behalf of Optus customers impacted by the data breach. It is expected that while the report is not being released to the public, portions of it will likely become public as the class action proceeds.

Ben Hardwick, class actions practice group leader at Slater & Gordon, is pleased by the Federal Court’s decision.

“Despite refusing to accept the umpire’s decision, Optus must now hand over the Deloitte report into how millions of its customers’ private information was accessed as a consequence of the 2022 data breach,”

[Black Orchid]

The Australian Federal Court has ruled that Optus will not be able to keep a report it commissioned from professional services firm Deloitte regarding its 2022 cyber attack out of the hands of lawyers representing a class action against the telco.

It's nice to see some moral common sense prevail occasionally.