Sign Up
BlogNews18TH JUL 2024
AuthorSamir Yawar
3 min read
News

MediSecure data breach puts almost 13 million Australians at risk

Twitter
Facebook
WhatsApp
Email
LinkedIn
blog image for medisecure data breach
BlogNews18TH JUL 2024
3 min read
News

MediSecure data breach puts almost 13 million Australians at risk

AuthorSamir Yawar
Twitter
Facebook
WhatsApp
Email
LinkedIn
blog image for medisecure data breach

MediSecure, a prominent Australian prescription delivery service provider, has disclosed a significant data breach that compromised the personal and health information of approximately 12.9 million individuals. The breach occurred during a ransomware attack in April, leading to the theft of sensitive data.

In response to the attack, MediSecure promptly shut down its website and phone lines to contain the breach, officially announcing the incident on May 16. The Australian National Cyber Security Coordinator (NCSC), who assisted MediSecure in mitigating the breach, described it as a "large-scale ransomware data breach."

We take a look at what was stolen and what measures need to be taken post the Medisecure data breach. catphishing

1. What has been stolen in the MediSecure data breach?
2. Who has been affected by the MediSecure data leak?
3. What measures should be taken post Medisecure data theft?

What has been stolen in the MediSecure data breach?

Medisecure logo

During the investigation, MediSecure discovered that the attackers had stolen 6.5TB of data. The company has since restored the data from a server backup.

A statement from MediSecure apprised the media of the development:

On April 13, 2024, MediSecure became aware of the incident when it was discovered that a database server had been encrypted by suspected ransomware. On May 17, 2024, with the assistance of IT specialists, MediSecure successfully restored a complete backup of the server and took immediate steps to investigate the impacted information."

Who has been affected by the MediSecure data leak?

The MediSecure data breach confirmed that approximately 12.9 million Australians who used their prescription delivery service between March 2019 and November 2023. Due to the complexity of the data set, the company has been unable to identify specific impacted individuals despite extensive efforts.

The compromised personal and health information includes names, dates of birth, addresses, contact details (phone numbers and email addresses), individual healthcare identifiers (IHI), Medicare card numbers, prescription details (medication name, strength, quantity, and reason for prescription), and instructions. Additionally, Pensioner Concession, Commonwealth Seniors, Healthcare Concession, and Department of Veterans’ Affairs (DVA) (Gold, White, Orange) card numbers were also exposed.

What measures should be taken post Medisecure data theft?

The Australian National Cyber Security Coordinator has advised individuals to be cautious of scams related to the MediSecure data breach

Be on the lookout for scams referencing the MediSecure data breach, and do not respond to unsolicited contact that references the data breach experienced by MediSecure."

"If contacted by someone claiming to be a medical or other service provider, including financial service provider, seeking personal, payment, or banking information, you should hang up and call back on a phone number you have sourced independently," the NCSC added.

Until late 2023, MediSecure was one of two Australian prescription delivery services, before being replaced by Fred IT Group's eRx Script Exchange (eRx).

Recently, top telecom services provider AT&T was also hit by a cyber attack which resulted in a massive data leak.

Samir Yawar
Samir Yawar / Content Lead
Samir wants a world where people can instinctively whack online scams and feel accomplished without the need for psychic powers. As an ISC2 member, he is doing his bit to turn cybersecurity awareness training into a fun concept with simple, approachable and accessible content. Reach out to him at X @yawarsamir
blog image for regions impacted by cyber attacks DBIR 2024
Read NextDBIR 2024: Top 3 Regions Most Impacted By Cyber Attacks
News
FAQsFrequently Asked Questions
An insider breach refers to a security incident where an individual with authorized access to an organization's systems and data intentionally or inadvertently compromises sensitive information. This can include employees, contractors, or business partners.
Information at risk in a data breach can include personal details (names, addresses, social security numbers), financial information (credit card numbers, bank account details), login credentials, medical records, and other sensitive data. The severity of the breach depends on the type and amount of information compromised.