E-Prescription Vendor Breach Affects 12.9 Million Aussies
MediSecure Data Theft Has an Impact on Nearly Half of Australia's Population
Hackers stole sensitive information belonging to roughly half of Australia's population during an April ransomware attack against e-prescription firm MediSecure, which says it can't afford the incident's "significant" response costs.
Australia's main cybersecurity agency said Friday that personal and health information of 12.9 million individuals was potentially compromised in the MediSecure hacking incident that occurred in April (see: Australia Investigating Large-Scale Medical Billing Hack). Australia's population is about 27 million.
Australia's The Age reported in May that a hacker put the entire dataset up for sale on a Russian hacking forum for $50,000.
Information affected by the MediSecure hack pertains to prescriptions distributed by MediSecure from approximately March 2019 to November 2023.
The company said Friday it sought assistance from the Australian government to cover breach notification costs but was turned down, causing the company to announce its liquidation. Two Australian-based officials of consulting firm FTI Consulting, which has been assisting in incident-related work, were appointed in early June as "voluntary administrators" and "liquidators of operations" for the company.
"The appointments were required given the limited financial resources of MediSecure," the company said. MediSecure was one of two prescription delivery services operating nationally. In May 2023, it lost a contract with the Canberra government for medication delivery to rival Fred IT Group's eRx Script Exchange. The ransomware incident did not affect the other company, the Australian government said.
MediSecure, the Australian Department of Home Affairs, and FTI Consulting did not immediately respond to Information Security Media Group's requests for additional details about the incident, including the cost of response.
The hacked MediSecure database contained the personal and health information of patients, as well as healthcare provider information, the company said in a statement Friday.
The wide range of information affected includes names, birthdates, addresses, phone numbers, email addresses and prescription medication information - including name of drug, strength, quantity, refills and reason for prescription.
Compromised data also could include government identifiers. "The types of information impacted may increase the likelihood of Australians being targeted by phishing, identity-related crime and cyber scam activities," MediSecure said.
Attack Details
MediSecure said that on April 10 it became aware of the incident when it discovered a database server had been encrypted by suspected ransomware. An investigation determined that 6.5 terabytes of data stored on the server was likely exfiltrated by a malicious third-party actor, but "the encrypted server could not be examined to ascertain the information specifically accessed," the company said.
Because the affected server likely included the personal and health information of potentially a large number of individuals, MediSecure notified the Office of the Australian Information Commissioner and engaged with the National Office of Cyber Security, the Department of Health and Aged Care and several other agencies, the company said.
With assistance from IT specialists, MediSecure on May 17 was able to restore a complete backup of the affected server and took immediate steps to investigate the affected information. "The nature and volume of the data however made the forensic analysis very complex and time-consuming," MediSecure said, and it required additional support from cyber and forensic experts at a third-party firm in collaboration with government agencies.