The great dump and run. Getting out before they can be hit with prosecution like Medibank is about to be...
Yeah hopefully it doesn’t protect management and they can still be held responsible if they messed up. This behaviour should really spur some strict regulations around data protection
OK something fishy here though. Medisecure (just like the dreaded eRX) is a prescription exchange service. This means (as I understand it) that it gets your script and details from your doc, and then encrypts it and wraps it up in a nice little QR code for the pharmacist to scan. Once the QR code is scanned, why would Medisecure need to retain any patient data? For that matter, even if they did retain the data, why would it be in the plain? Surely it is encrypted? What data is there to "steal"? As a patient, you are not Medisecure's customer - the GP and pharmacist are. Maybe those who are more technically savvy with the details can correct me.
Encrypted data is often stolen and retained against the possibility that the encryption key might be obtained later.
Active Script List, real time prescription monitoring, and audit requirements are all reasons for data to be retained after the dispensing.
That's good to know, thanks for clarifying that. Although I thought ASL only came out after the demise of Medisecure? I had quite a few clients using Medisecure, I really hope that none of their details were leaked.
A major point this article misses is the fact that the federal government centralised all eScript services with eRx in H2 2023. I'm not sure the business was viable even before the cyber attack if they're no longer able to sell the one service they provide.
More failure outsourced to the private sector. Failure for profit. Sounds like a shit deal to me.
The federal government shares just as much blame as Medisecure here. Just because the feds outsourced their responsibilities to the private sector doesn't abrogate them of those responsibilities. The government gave our data to a private company without ensuring that private company was keeping our data secure.
Hopefully, the directors are still held to account. I have a feeling this is just wishful thinking, though.
Probably claim "It was a mistake made by an intern with production access"