Investigation Finalized by MediSecure Following Cyber Assault
As of December 2023, the Australian Government is yet to become aware of the publication of the full data set from the MediSecure cyber attack, which impacted the personal and sensitive information of around 12.9 million Australians.
Background
MediSecure, an Australian healthcare data processor, was responsible for managing prescription data. Despite several significant data breaches in the Australian healthcare sector in recent years (such as those at Optus and Medibank), MediSecure has not been prominently linked to a data theft of such magnitude.
Possible Confusion
It is possible that the discussion stems from another highly publicised Australian cyber attack. Medibank, one of Australia's largest health insurers, suffered a severe data leak at the end of 2022, resulting in the theft of sensitive data from nearly 10 million customers. Optus, a major telecommunications provider, reported an attack in September 2022 that affected around 9.8 million customers.
In both these high-profile cases, the identities of the perpetrators were not made public. The Australian authorities were still in the investigation phase, and the attackers appeared to be operating from abroad, possibly with a criminal background.
The Investigation
On May 16, 2024, the public was informed of the MediSecure cyber attack, which had first come to light in April 2024 when a database server was discovered to have been encrypted by suspected ransomware. Despite making all reasonable efforts, MediSecure could not identify the specific individuals affected due to the complexity of the data set.
The investigation indicated that approximately 6.5TB of data stored on the server was likely exfiltrated by a malicious third-party actor. The stolen information includes full name, title, date of birth, gender, email address, address, phone number, individual healthcare identifier (IHI), Medicare card number, Pensioner Concession card number, Commonwealth Seniors card number, Healthcare Concession card number, Department of Veterans' Affairs (DVA) card number, prescription medication details, reason for prescription, and instructions.
However, the encrypted server could not be examined to ascertain the specific information accessed.
Precautions and Advice
Scams referencing the MediSecure data breach should be avoided, and unsolicited contact regarding the breach should not be responded to. The national prescription delivery service in Australia has not been interrupted by the MediSecure cyber attack.
The Australian National Cybercrime Coordinator has advised being vigilant for scams and hang up on unsolicited calls claiming to be from service providers seeking personal, payment, or banking information. People are also advised not to search for the data on the dark web as it can be a criminal offence and feeds the business model of cyber criminals.
As the investigation continues, it is crucial for individuals affected by the breach to remain vigilant and take necessary precautions to protect their personal information. If you have any specific questions or wish to learn more about the MediSecure cyber attack, please provide more details.
Read also:
- Overweight women undergoing IVF have a 47% higher chance of conceiving naturally post-weight loss
- Bonsai Trees from Evergreen Species: Exploring Growth Characteristics & Distinct Qualities
- What temperatures may make walking your canine companion uncomfortable?
- Title: Information About Beovu: Potency, Form, Usage, and Additional Details
