Script provider MediSecure has gone into administration just weeks after it confirmed it was the victim of a ransomware data breach.
The health company, which provided electronic prescriptions for medications, confirmed in May that individuals’ personal and health information was compromised during the breach.
MediSecure was one of two prescription delivery services operating nationally until late 2023.
The company went into administration on Monday, with the details only released on Wednesday.
FTI Consulting’s Vaughan Strawbridge and Paul Harlond have been appointed administrators of MediSecure, as well as liquidators of a MediSecure subsidiary called Operations MDS.
In a statement to Information Age, Strawbridge said MediSecure’s subsidiary had been in contact with the Australian government following the cyber breach.
"Our role as administrators and liquidators includes investigating the affairs of the company to identify reasons for its failure, and to examine options that may be available to recover assets for the benefit of creditors of the companies,” he said.
"We will be speaking to the Australian government about what they need from the company and the next steps in the response to the cyber incident."
The first meeting of MediSecure’s creditors is expected to be held in mid-June.
Bailout request denied
MediSecure requested a bailout from the federal government in May, which was reportedly the first time a request for financial support had been made by a private company in the wake of a cyber attack.
The government denied the request.
In a statement released on Friday, MediSecure defended its request for financial assistance.
"MediSecure wishes to clarify that it sought funding from the Commonwealth government for the limited and confined purpose of assisting with the costs associated with responding to the incident, and the request was not for funding MediSecure's operational costs unrelated to the cyber attack," it said.
National cyber security coordinator Michelle McGuinness previously said the Australian Federal Police and Australian Signals Directorate were also looking into the breach.
In May 2023 the federal government changed providers for the national prescription delivery service, which is now run by eRx Script Exchange.
Detail on stolen data delayed
Some of the information breached in the MediSecure attack later allegedly appeared for sale on a popular Russian-language hacking forum, but it remains unclear how many individuals' data may have been impacted.
In a statement on Friday, MediSecure said it was working with cyber and forensic experts “to endeavour as quickly as possible to confirm the extent of the data breach and all individuals impacted".
Home affairs and cyber security minister Clare O'Neil said she had asked the company to notify affected individuals and publish what it knew about the compromised data.
"It has taken an unacceptably long time for MediSecure to provide clarity on the details of data that may have been stolen from them in the recent data breach," she said in a statement on Friday, ABC News reported.
"At this stage, we do not know the extent of the breach. However, people who may be affected need to be equipped with that knowledge so they can take appropriate precautions.
"The public would reasonably expect more regular updates on the progress of that process."
The Department of Home Affairs says prescriptions will continue to work as normal, and there is no known risk to the current national prescription delivery service.
In its advice, the department says individuals should maintain their online security by setting up multi-factor authentication on their accounts, creating strong and unique passwords, and installing software updates regularly.
MediSecure's shift into voluntary administration comes as Australia's privacy watchdog prepares to take health insurer Medibank to court, alleging it “seriously interfered” with the privacy of millions of people in relation to its 2022 data breach.
