Nearly 13 Million Australians Affected by MediSecure Attack
Personal and health data of almost 13 million Australians has been impacted by the cyber-attack on medical prescription provider MediSecure.
Following an investigation of a dataset accessed by the attackers in May 2024, the company has determined that 12.9 million individuals who used the MediSecure prescription delivery service during the period of March 2019 to November 2023 have been impacted by the incident. This includes information relating to patient prescriptions.
This assessment, published on July 18, was based on an analysis of individuals’ healthcare identifiers.
The dataset encompasses a range of personal and health information, much of which is sensitive in nature:
- Personal – full name; title; date of birth; gender; email address; home address; phone number
- Health – individual healthcare identifier (IHI); Medicare card number and expiry; Pensioner Concession card number and expiry; Commonwealth Seniors card number and expiry; Healthcare Concession card number and expiry; Department of Veterans’ Affairs (DVA) (Gold, White, Orange) card number and expiry; prescription medication, including name of drug, strength, quantity and repeats; reason for prescription and instructions
As the impacted server consisted of an extremely large volume of semi-structured and unstructured data stored across a variety of data sets, MediSecure said it was not practical to specifically identify all impacted individuals.
MediSecure was able to restore a complete backup of the server, enabling it to undertake the investigation.
The company warned that the types of information impacted may increase the likelihood of Australians being targeted by phishing, identity-related crime and cyber scam activities.
The forensic analysis of the published data was carried out in collaboration with McGrathNicol Advisory, the National Cyber Security Coordinator and the National Office of Cyber Security (NOCS).
Understanding the Impact of the MediSecure Attack
On May 16, MediSecure, revealed it had suffered a “large scale” ransomware attack, which had been caused by breach of a third-party supplier.
In an update on May 24, the Melbourne-based company said that a data set containing the personal information and limited health data of its customers has been posted onto a dark web forum by an unidentified cybercriminal group.
Over 6.5TB of data was purportedly offered for sale for $50,000 on the dark web forum.
MediSecure said it has been working with the Australian government with a view to notifying impacted individuals as soon as possible.
It also confirmed it was denied a request for funding from the Commonwealth Government to assist with the costs of responding to the incident. MediSecure also entered voluntary administration in June 2024, appointing liquidators.
Responding to MediSecure’s latest update, Australia’s Department of Home Affairs emphasized that national prescription delivery service, eRx, has not been affected by the incident, and prescriptions should continue to work as normal for patients.