MediSecure, a former prescription delivery service, has disclosed a significant data breach that has compromised the personal and health information of approximately 12.9 million Australians. Initially detected on April 13, 2024, the breach involved the exfiltration of 6.5TB of data by a malicious third-party actor.
Incident overview
MediSecure first notified the public of the cyber security incident on May 16, 2024. Subsequent investigations revealed that the breach impacted data from individuals who used MediSecure’s prescription delivery services between March 2019 and November 2023. The breached data includes full names, dates of birth, contact details, individual healthcare identifiers, Medicare card numbers, and detailed prescription information.
Following the breach, Vaughan Strawbridge and Paul Harlond of FTI Consulting were appointed as administrators and liquidators of MediSecure Ltd and its subsidiary, Operations MDS Pty Ltd. The administrators have since worked closely with the Australian Federal Police (AFP), Australian Signals Directorate (ASD), and other governmental bodies to manage the incident. Despite these efforts, MediSecure ceased its own investigation due to limited financial resources.
The Australian Government, through Operation Aquila, has been assisting in the investigation. The National Cyber Security Coordinator, ASD, AFP, and the Office of the Australian Information Commissioner (OAIC) have actively responded. MediSecure has urged individuals and organizations not to seek out the stolen data on the dark web, warning that doing so could further criminal activity and lead to severe legal consequences.
The compromised data includes a wide range of sensitive information, including:
- Personal identifiers: full name, date of birth, gender, email address, address, phone number, and individual healthcare identifier.
- Health-related information: Medicare card details, prescription information including the name of drugs, strength, quantity, repeats, and prescription reasons.
- Government-issued card details: Pensioner Concession, Healthcare Concession, Commonwealth Seniors, and Department of Veterans’ Affairs card numbers.
Status and recommendations
MediSecure is actively reviewing the data exposed on a dark web forum to identify impacted individuals. According to the latest status update on the MediSecure site, 12.9 million people have been impacted by the cybersecurity incident.
MediSecure wishes to inform the public that the personal and sensitive information, including contact and health information, of approximately 12.9 million Australians who used the MediSecure prescription delivery service during the approximate period of March 2019 to November 2023 was contained within MediSecure data stolen by a malicious third-party actor.
MediSecure
Individuals potentially impacted by the breach are advised to be vigilant against phishing attempts and identity-related scams. The government has provided resources for affected individuals, including guidelines on protecting personal information and recognizing scams, through various platforms like Scamwatch and the OAIC.
Acknowledging the potential psychological impact of the breach, MediSecure and the government have emphasized the availability of mental health support services. Individuals experiencing distress can access services such as Lifeline, Beyond Blue, and Headspace for assistance.
For more information on the MediSecure cyber security incident and to access support resources, individuals can visit the dedicated webpage on the Department of Home Affairs website.
Rite Aid Suffers Data Breach Impacting 2.2 Million U.S. Customers
Leave a Reply