MediSecure, an Australian prescription delivery service provider, revealed that roughly 12.9 million people had their personal and health information stolen in an April ransomware attack.
The company was forced to shut down its website and phone lines to contain the attack, disclosing it on May 16 as a “cyber security incident.”
At the time, the Australian National Cyber Security Coordinator (NCSC), who was helping MEdiSecure to mitigate the breach, described it as a “large-scale ransomware data breach.”
While investigating the ransomware attack, MediSecure found that the threat actors stole 6.5TB of data, which has since been restored from a server backup.
“On 13 April 2024, MediSecure was made aware of the Incident when it was discovered a database server had been encrypted by suspected ransomware. On 17 May 2024, with the assistance of IT specialists, MediSecure successfully restored a complete backup of the server and took immediate steps to investigate the impacted information,” the company said in a Thursday statement.
“MediSecure can confirm that approximately 12.9 million Australians who used the MediSecure prescription delivery service during the approximate period of March 2019 to November 2023 are impacted by this Incident based on individuals’ healthcare identifiers. However, MediSecure is unable to identify the specific impacted individuals despite making all reasonable efforts to do so due to the complexity of the data set.”
The personal and health information impacted by this breach relates to prescriptions distributed by MediSecure until November 2023, including names, dates of birth, addresses, contact information (phone numbers and email addresses), individual healthcare identifier (IHI), Medicare card numbers, prescription medication (name of drug, strength, and quantity), and reason for prescription and instructions.
It also included Pensioner Concession, Commonwealth Seniors, Healthcare Concession, and Department of Veterans’ Affairs (DVA) (Gold, White, Orange) card numbers.
“Be on the lookout for scams referencing the MediSecure data breach, and do not respond to unsolicited contact that references the data breach experienced by MediSecure.” the Australian National Cyber Security Coordinator warned on Thursday.
“If contacted by someone claiming to be a medical or other service provider, including financial service provider, seeking personal, payment or banking information you should hang up and call back on a phone number you have sourced independently.”
MediSecure was one of two Australian prescription delivery services until late 2023 when it was replaced by another company, Fred IT Group’s eRx Script Exchange (eRx).