More information is now available about the MediSecure data breach that took place in April, and the news is not good: about 12.9 million records are thought to have been stolen by the hackers, making it one of Australia’s largest breaches.
This puts the incident roughly on par with the major breaches seen in recent years at Optus, Medibank and Latitude, at least in terms of total record count. This data breach does include potentially sensitive details of pharmacy prescriptions, but an apparent lack of structure to the stolen database means that these health details might not be directly linked with the names and identification numbers also included in the theft.
MediSecure hit as company was struggling with loss of government contract
The data breach window runs from March 2019 to November 2023, but the incident was not uncovered by MediSecure until April. The document theft instead seems to have been stopped accidentally, as MediSecure lost its license to serve as an ePrescription service for the national government. Only one such provider remains, eRx Script Exchange, which the government says is not at all impacted by the breach.
The discovery of the data breach seems to have put the final nail in the coffin for MediSecure, which has recently gone into voluntary administration and will likely be liquidated to fulfill creditor obligations. The company says that it ceased its investigation into the breach in May, though the hackers remain active with the data and have been spotted offering it for sale for $50,000 USD on an underground forum.
All of this means that Australians, already weary from two years of highly sensitive personal information being leaked from various sources, are likely on their own for self-defense against follow-on attacks using the MediSecure data. It seems unlikely at this point that individuals will be contacted about having their data exposed, as was the case in some of these prior breaches. However, the Department of Home Affairs cautions that Australians should not go searching for their own data as they may inadvertently open new doors for attackers. They are instead advised to keep a close eye out for possible scam attempts and follow up with the government’s “Scamwatch” program if they spot anything suspicious.
6.5 TB of “semi-structured” data stolen in ransomware attack
The attackers deployed ransomware, causing a long delay in restoring systems from backups. The struggling company did not appear to pay anything, however, and the attackers are now seeking to sell the stolen data privately.
It remains unclear how much trouble impacted victims can expect from this incident, as the database was described as being at least in part “unstructured” and the personal identifiers may not have been readily linked to the prescription information. This is why victims may not be contacted by the government about data exposure, but it may also prevent more serious abuse of the stolen information.
It has been confirmed that some full names and national health identification numbers have been leaked, but how closely or readily they are tied to the leaked prescription information remains in question. At the prescription end, the hackers were able to access the drug types and dosages prescribed, along with their dates and the medical conditions they are meant to address.
The inclusion of names and ID numbers does point to possible future use in phishing attempts, however, which might make use of this uncertainty about the data breach to convince targets to follow malicious links.