Pierluigi Paganini July 19, 2024

Personal and health information of 12.9 million individuals was exposed in a ransomware attack on Australian digital prescription services provider MediSecure.

MediSecure is a company that provides digital health solutions, particularly focusing on secure electronic prescription delivery services in Australia.

In May, the company was forced to shut down its website and phone lines following a cyber attack, but it did not mention a ransomware attack. Threat actors gained access to the personal and health information of an undisclosed number of individuals.

“MediSecure has identified a cyber security incident impacting the personal and health information of individuals. We have taken immediate steps to mitigate any potential impact on our systems.” reads the statement published by the company. “While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors.”

The company investigated the security breach with the help of the National Cyber Security Coordinator, it also notified the Office of the Australian Information Commissioner and other relevant authorities.

The ransomware attack resulted in the theft of the personal and health information of 12.9 million individuals. The incident impacted individuals who received services from MediSecure between March 2019 and November 2023. The threat actors stole 6.5TB of data from a company’s server.

“MediSecure can confirm that approximately 12.9 million Australians who used the MediSecure prescription delivery service during the approximate period of March 2019 to November 2023 are impacted by this Incident based on individuals’ healthcare identifiers. However, MediSecure is unable to identify the specific impacted individuals despite making all reasonable efforts to do so due to the complexity of the data set.” reads a company’s statement on cyber security incident. “The impacted server analysed by McGrathNicol Advisory consisted of an extremely large volume of semi-structured and unstructured data stored across a variety of data sets.”

The stolen data includes the reason for the prescription and instructions, full name, title, date of birth, gender, email address, address, phone number, individual healthcare identifier (IHI), Medicare card number, including individual identifier, and expiry, Pensioner Concession card number and expiry, Commonwealth Seniors card number and expiry, Healthcare Concession card number and expiry, Department of Veterans’ Affairs (DVA) (Gold, White, Orange) card number and expiry, prescription medication, including name of drug, strength, quantity and repeats; and reason for prescription and instructions.

The company warns that the stolen data can be used to carry out scams, phishing attacks, and identity theft against Australians.

MediSecure announced that it is reviewing the data set exposed on the dark web, the company has been working with the Commonwealth Government to identify impacted individuals and notify as soon as possible.

Pierluigi Paganini

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

(SecurityAffairs – hacking, MediSecure)