Source: Tesserent
Latest news this afternoon is reporting that a member of a Russian hacking forum is selling 6.5 terabytes of data stolen from Australian e-prescription company MediSecure for US$50,000.
The information on an online forum claims to include information on insurance numbers, phone numbers, addresses, full names, usernames and passwords for MediSecure customers.
Tesserent, has issued the following general advice for all healthcare organisations on heightened threat levels.
Mark Jones, a Senior Partner at Tesserent, a Thales Australia cybersecurity company, warns that these unfolding developments coupled with the existing data accessed from the MediSecure breach means all healthcare organisations need to be extra vigilant at this time.
“Once again, it is evident that the healthcare sector is a prime target for those seeking access to personal information. Threat actors are continuously finding ways to compromise the personal data of Australians. This information can be pieced together to construct detailed medical histories, potentially causing significant impacts on individuals.”
“We recommend healthcare organisations evaluate and strengthen their cybersecurity incident resilience and review and update incident response plans and playbooks. It is important that they regularly test these plans both technically, and from a board and executive management perspective.
“Identify key information assets, understand where key information assets are located and assess the effectiveness of the controls in place to protect these assets. They must identify critical information assets, understand where key information assets are located and assess the effectiveness of the controls in place to protect these assets. These steps will help ensure healthcare sector organisations are prepared to take swift action if any assets are compromised,” says Mark.
Tesserent also recently released advice for the healthcare sector highlighting the importance of reviewing third parties’ information risk management.
“It’s important for organisations to protect sensitive information, safeguard intellectual property, maintain supply chain integrity, ensure compliance with regulations, and mitigate operational risks.
“Organisations should not only focus on internal controls, but also put a strong focus on managing their third-party suppliers and understand and assess the security risks they may pose. This process can be resource-intensive and time-consuming, and something that we are always assisting our clients with,” he says.
Mark says it is crucial to consider the cybersecurity risks that relationships with third parties can introduce to your environment. “Even the most robust internal security measures can become irrelevant if third parties present potential vulnerabilities,” he warns.
Mark highlights that a proactive approach is crucial to identify and close vulnerabilities before cybercriminals can exploit them.
Tesserent is one of the largest cybersecurity providers in Australia and New Zealand to all levels of Federal and State Government along with more than 1000 clients in the corporate sector. Tesserent and Thales Australia work on many of Australia’s most sensitive defence programs, with critical infrastructure operators, government departments and the corporate sector.
If you are interested in talking with Mark for further advice on steps Healthcare organisations can take to strengthen their defences against cybercrime, please contact Media-Wize’s Kathryn Goater on 0414 726 959 or Anthony Caruana on 0431 474 370.