In one of the largest cyber breaches in Australian history, MediSecure, a former provider of digital prescriptions, has revealed that hackers earlier this year stole the personal and medical data of approximately 12.9 million Australians.
This large number represents almost half of the country’s people, making it an unusually big breach. This event has raised big worries about keeping data safe and making sure companies are responsible with personal information.
The incident came to light on April 14, 2024, when MediSecure discovered that one of its database servers had been encrypted, likely by ransomware. Initially, the company did not disclose the full extent of the breach. However, recent updates from administrators have revealed the shocking scope of the data theft.
What is the Data Stolen?
The compromised information includes a wide range of sensitive personal and medical details:
- Full names
- Phone numbers
- Home addresses
- Dates of birth
- Medicare numbers and card expiry dates
- Prescribed medications, including drug names, strengths, quantities, and repeats
- Reasons for prescriptions
- Medication instructions
The hackers absconded with an enormous 6.5 terabytes of data, equivalent to a vast amount of textual information.
Challenges in Identifying Affected Individuals
The breach has had significant consequences for both MediSecure and the affected individuals:
- MediSecure entered voluntary administration in June 2024 following the federal government’s refusal to provide a financial bailout.
- The company has since appointed liquidators, effectively ceasing operations.
- The Australian government has reassigned the ePrescription service to Fred IT’s eScript Exchange, which became the sole provider of electronic prescriptions to Australians.
Administrators from FTI Consulting have stated that while the number of affected Australians is known, identifying specific individuals has proven challenging due to the vast amount of compromised data.
MediSecure cannot afford to accurately identify all affected individuals due to the complex nature of the information.
The breach report reads that “MediSecure has worked closely with the National Cyber Security Coordinator, AFP, ASD, and the Office of the Australian Information Commissioner to respond to the Incident in a way consistent with Australia’s national security interests and the community’s expectations.”
Lieutenant General Michelle McGuinness, the National Cyber Security Coordinator, has addressed the situation:
- Assured the public that the breach had not disrupted prescription services and urged people to continue accessing their medications without concern.
- Cautioned against searching for the leaked data on the dark web, emphasizing the risks associated with such actions.
- Warned about potential scammers exploiting the stolen data and advised people to be wary of unsolicited requests for personal or financial information.
This massive data breach has raised serious concerns about data security and the protection of sensitive personal information in Australia. It highlights the need for stronger cybersecurity measures and more stringent regulations for companies handling such sensitive data.
As the situation continues to unfold, affected individuals are advised to remain vigilant against potential scams and to independently verify the authenticity of any requests for personal information.