Sensitive data lures criminal hackers to MediSecure

E-script provider MediSecure says it is investigating a major data breach.

E-script provider MediSecure says it is investigating a major data breach. Photos: Getty

Australians are once again fearful their private medical data will be leaked after e-script firm MediSecure suffered a major hack, with a leading expert saying criminals see the health sector as ripe for the picking.

MediSecure revealed on Thursday that a “large-scale” ransomware attack had shut down its systems, sparking an investigation from the National Cyber Security Co-ordinator and the Office of the Australian Information Commissioner.

While the number of affected customers is still unknown, the attack comes after high profile hacks against other medical industry giants, including health insurer Medibank.

That data breach saw sensitive medical information of Australians leaked on the dark web, a grim reality that could be repeated if MediSecure did not pay a ransom to hackers.

Mohiuddin Ahmed. a senior lecturer of computing and security at Edith Cowan University, said cyber criminals had targeted the industry because it holds sensitive data.

“Cyber criminals know the pressure points very well, and the medical industry suffers heavily because of that,” Ahmed said.

“There is a high chance that the medical industry will pay the demanded ransom to ensure the safety and privacy of their customers.”

MediSecure released few details about the hack in a statement that has now replaced its website, but admitted the “personal and health information of individuals” is at risk.

“While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors,” the company stated.

Cyber crime surges

The federal government has stepped up efforts to crackdown on corporate hacks in the past year following high profile scandals.

That includes investing hundreds of millions in prevention and upping penalties for companies that fail to properly protect consumer data or notify regulators of hacks.

It comes amid a global surge in fraud, with a recent report from AustCyber finding that the value of global cyber crime has reached $12.23 trillion – up more than 175 per cent since 2020.

The trend is expected to continue, according to the report, reaching $18 trillion by 2028.

“The proliferation of ransomware attacks in recent years has posed a severe threat to global cyber security, disrupting critical infrastructure, businesses and individuals alike,” the report said.

Ahmed said the threat of ransomware is not just an issue for Australia’s medical industry, saying the US has also had its fair share of hackers targeting hospitals and adjacent business groups.

“In the US, hospitals paid over $100 million in ransoms, and ransomware attacks on critical health infrastructure nearly doubled from 2022 to 2023,” he said.

Australia catches up

Australia has been lagging on combating cyber crime after the  Medibank and MediSecure hacks.

Austcyber’s report found the nation holds the 19th position (of 33) in international competitiveness for cyber security.

“The growth of the cyber security sector in Australia has been driven by the rising number
and sophistication of cyber threats,” the report said.

“Cyber attacks, data breaches and ransomware incidents have surged in recent years, with Latitude Financial, Optus and Medibank demonstrating the cascading effect across all sectors.”

Recent federal government efforts are changing things, though, with Australia emerging as a leader in the International Counter Ransomware Taskforce, established by the United States.

That body is developing information sharing between countries and industries to track criminals and apprehend networks of hackers, as well as helping companies increase their protection against attacks.

Stay informed, daily
A FREE subscription to The New Daily arrives every morning and evening.
The New Daily is a trusted source of national news and information and is provided free for all Australians. Read our editorial charter.
Copyright © 2024 The New Daily.
All rights reserved.