iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
FTI Consulting has been appointed as voluntary administrators of e-prescription firm MediSecure in the wake of a breach totalling 6.5 terabytes of data in May.
Embattled e-prescription service MediSecure has entered into voluntary administration following a data breach in May that saw 6.5 terabytes of patient and physician information posted for sale on a hacking forum.
Vaughan Strawbridge and Paul Harlond of FTI Consulting were appointed as voluntary administrators on 3 June and as liquidators of operations on 4 June.
Control of MediSecure has now passed to the firm.
“We recognise the significant concern and the impact of the recent cyber incident. The company has been in contact with the Australian government with respect to providing information in response to that incident,” Strawbridge said in a 5 June statement.
“Our role as administrators and liquidators includes investigating the affairs of the company to identify reasons for its failure and to examine options that may be available to recover assets for the benefit of creditors of the companies.
“We will be speaking to the Australian government about what they need from the company and the next steps in the response to the cyber incident.”
The initial hack was first revealed on 16 May, after the National Cyber Security Coordinator had warned of a “large-scale ransomware data breach incident”. A week later, a hacker by the name of Ansgar claimed responsibility for the hack and posted several files of sample data on a popular hacking forum. The data was for sale for US$500,000.
MediSecure immediately began working with Australian government authorities to investigate and remediate the incident.
However, things appeared to come to a head on 31 May, when Minister for Cyber Security Clare O’Neil called the company out over the “unacceptably long time” it was taking to report on how many people had been impacted by the breach, with the company releasing its last statement on the matter at the same time.
“In light of recent media reports, MediSecure wishes to clarify that it sought funding from the Commonwealth government for the limited and confined purpose of assisting with the costs associated with responding to the incident, and the request was not for funding MediSecure’s operational costs unrelated to the cyber attack,” MediSecure said on its website.
“In any event, that request was denied.
“MediSecure has to date continued to work closely with the National Cyber Security Coordinator, the Australian Federal Police, the Australian Signals Directorate, and the Office of the Australian Information Commissioner in a manner consistent with Australia’s national security interests and the community’s expectations.”
That work will now be undertaken by FTI Consulting.
An initial meeting of MediSecure’s creditors will take place on 14 June 2024.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
