Online prescription provider MediSecure has fallen into administration and liquidation just weeks after a large-scale ransomware attack.
The Melbourne-based health provider confirmed last month that a massive data breach had occurred, and that personal information and some limited health information of people who used the service were subsequently posted on a dark web forum .
But on Wednesday, FTI Consulting was appointed voluntary administrator of Medisecure Limited and liquidator of its subsidiary, Operations MDS Pty Ltd.
MediSecure, operating since 2009, was a national prescription provider that allowed prescriptions to be delivered electronically from the prescriber to a pharmacy of individual choice.
The hack was believed to be linked to a well-known ransomware group based in Russia.
Private healthcare organization MediSecure has collapsed into administration weeks after being hacked in a large-scale ransomware attack (file image)
Vaughan Strawbridge and Paul Harlond have been appointed administrators and liquidators of a subsidiary known as Operations MDS Pty Ltd.
In a statement, they said MediSecure had been in contact with the federal government regarding the breach.
“Our role as administrators and liquidators includes investigating the affairs of the company to identify the reasons for its bankruptcy and examining any options that may be available to recover assets for the benefit of the companies’ creditors,” Mr Strawbridge said.
“We will be speaking to the Australian government about what they need from the company and next steps in the response to the cyber incident.”
A first meeting of creditors will take place on June 14.
After the data breach was first detected, MediSecure took immediate steps to mitigate any impact to its systems.
“MediSecure takes its legal and ethical obligations seriously and understands that this information will be cause for concern,” the company said in a statement on May 16.
The data breach is one of several large-scale attacks that have hit Australian businesses in recent years, including Optus and Medibank (file image).
In an additional statement on May 24, the company confirmed that a data set containing customers’ personal information and some limited health information had been made available on a dark web forum.
“While MediSecure is working urgently to notify affected individuals, we wish to reiterate and reassure the Australian community that this cyber security incident does not impact continued access to medicines,” they said.
The eHealth company said the cyber incident was likely due to an issue with one of its third-party vendors.
At the time, cybersecurity coordinator Michelle McGuinness said authorities were investigating the cause of the breach.
The latest breach comes after health insurance giant Medibank was the victim of a major cyberattack that affected the personal data of 9.7 million people in 2022.
The Australian Signals Directorate revealed in its annual cyber threat update that almost 94,000 cybercrime reports were made to police in 2022-23, a 23 per cent increase on the previous year.
