MediSecure cyber breach underscores the need for robust cybersecurity in healthcare

The recent cyber incident involving MediSecure, where data was allegedly stolen and posted to a Russian hacking forum, has raised concerns about cyber security in the Australian healthcare sector. The breach is part of a series of high-profile cyber attacks targeting Australian organizations such as Optus, Medibank and Latitude Financial.

According to Sumit Bansal, vice president of Asia Pacific and Japan at BlueVoyant, the MediSecure breach highlights supply chain security vulnerabilities. “The incident serves as a stark reminder for Australian organizations to closely monitor their suppliers and other third parties. Supply chain attacks often infiltrate organizations through the weakest link,” Bansal said. He further emphasized the importance of understanding the digital supply chain and implementing a “defense in depth” strategy, which includes multiple layers of security measures to protect sensitive data.

The healthcare sector is particularly vulnerable due to its extensive networks and the high value of healthcare data on the dark web. Javaad Malik, a Security Awareness Advocate at KnowBe4, noted, “Incidents like the MediSecure breach remind us of the critical need for robust cybersecurity measures within healthcare.” Malik added that it is paramount that organizations take a proactive stance on cybersecurity, emphasizing that the issue goes beyond IT and touches on patient safety and trust in digital healthcare services.

The consequences of the MediSecure breach are alarming. Reports have surfaced that a member of a Russian hacking forum is selling 6.5 terabytes of data allegedly stolen from MediSecure for $50,000. The compromised data may include insurance numbers, phone numbers, addresses, full names and login details of MediSecure customers.

Mark Jones, senior partner at Tesserent, a cybersecurity company based in Thales Australia, advises healthcare organizations to be extra vigilant during this period of heightened threat. Jones recommends that healthcare organizations evaluate and strengthen their cybersecurity incident resilience plans and regularly update response strategies to protect critical information assets. “Understanding where key assets are located and assessing the effectiveness of protective measures are critical steps to ensure the readiness to respond quickly to any breaches,” he noted.

Tesserent has highlighted the need for healthcare organizations to closely manage third-party information risks. “It’s about protecting sensitive information, maintaining supply chain integrity and ensuring regulatory compliance,” Jones said. He added that managing third-party security risks is resource-intensive but essential because robust internal controls can be rendered useless if third-party vulnerabilities are exploited.

The importance of integrated cybersecurity solutions is being reiterated by cybersecurity experts in the context of rising fraud losses in Australia. National reports show that Australian citizens will have lost $2.74 billion to various scams in 2023, highlighting the urgent need for comprehensive fraud prevention strategies.

Richard Metcalfe, APJ vice president at Transmit Security, highlighted the increasing targeting of ‘identity structures’, such as Customer Identity and Access Management (CIAM) systems, due to vulnerabilities within these frameworks. “The convergence of identity management and fraud prevention into a single, orchestrated platform is no longer optional – it is a necessity,” said Metcalfe. He called for an evolution in CIAM systems with advanced threat detection and response capabilities, transforming them from gatekeepers to active defenders against cyber threats.

As the investigation into the MediSecure breach continues, industry experts agree that healthcare providers should reassess their security measures and promote a strong security culture. This breach serves as a sobering reminder that ensuring robust cybersecurity is not just a regulatory or ethical obligation, but a fundamental aspect of patient protection and trust in digital healthcare infrastructure.

Back To Top