Australian cyber chief announced Friday an “unwelcome development” in the recently disclosed MediSecure data breach. A hacker claimed to possess the patient data likely siphoned during the ransomware attack and listed it for sale on a Russian hacking forum for $50,000.
“We are aware a dataset purporting to be from the MediSecure breach has been advertised for sale on a dark web marketplace, along with a sample of the data,” said Australia’s National Cyber Security Coordinator, Lieutenant General Michelle McGuinness.
She said that all federal agencies involved in the response to the data breach incident “are aware of the advertisement” and “are working with MediSecure to verify the data that has been posted online.”
MediSecure, only one of the two providers of electronic prescription services to healthcare professionals in Australia, announced last week that it had fallen victim to a large-scale ransomware attack. Preliminary investigation over the weekend revealed that it was an “isolated” attack and no impact on current e-Prescriptions was observed. However, personal and health data of its customers and providers until November 2023 was likely accessed, the company confirmed.
The Australian Federal Police and Australian Signals Directorate are now investigating and responding to the incident under joint standing arrangements of Operation Aquila.
The Hacker Claim and Attempted Sale
A week after the MediSecure data breach incident became public, a Russian hacking forum member claimed to have 6.5 terabytes of data including personal information of thousands of Australians, available for sale.
The post on the forum read, “For sale: Database of an Australian medical prescriptions company MedSecure [sic].” It detailed the information available, including citizens’ insurance numbers, phone numbers, addresses, full names, supplier and contractor information, emails, username and passwords for the MediSecure website, prescription details and IP addresses of site visitors.
The forum member stated they would sell the information to only one buyer.
Hacktivist tracker CyberKnow group indicated that their research suggested the forum post was likely legitimate. They noted the threat actor created this Russian hacker forum account on May 15, likely for the sole purpose of selling the stolen MediSecure data. CyberKnow group said the actor’s pivot to the new forum could also be due to the recent seizure of BreachForums. The threat actor has not posted anything else to the forum.
“It appears from the limited information that this is not a traditional ransomware extortion shakedown and it begs to wonder if there was any negotiation or extorting attempt between the threat actor and Medisecure,” CyberKnow group said.
“Australians should recognize that the cyberthreat landscape is diverse, and groups and actors can impact businesses regardless of their capability, organization, or structure,” it added.
The cyber chief McGuinness warned Australians against searching for this alleged MediSecure data set. “Accessing stolen sensitive or personal information on the dark web only feeds the business model of cybercriminals,” she said.
“While this is an unwelcome development, I want to again assure Australians that if individuals are at risk of serious harm through the publication of their information, then we will work with MediSecure to make sure that individuals are appropriately informed, so they may take steps to protect themselves from any further risk to their personal information.”
Hack Calls for Stricter Legislative Reforms
Earlier this week, Australian Privacy Commissioner Carly Kind accepted there are ongoing challenges in how organizations collect and protect customer data. She said, “any major data breach reinforces the reality of today’s world: there are increasing cyber threats and continual challenges to digital defenses.”
Kind advised organizations to prioritize protecting individuals’ personal information, review and improve their practices and only collect necessary information. She urged, “Know what information you hold. And if that information is not necessary to your business, delete it.”
She also called for urgent legislative reforms to ensure all Australian organizations build the highest levels of security into their operations.
“The coverage of Australia’s privacy legislation lags behind the advancing skills of malicious cyber actors. Reform of the Privacy Act is urgent, to ensure all Australian organizations build the highest levels of security into their operations and the community’s personal information is protected to the maximum extent possible,” Kind said.
The OAIC’s office is additionally investigating whether MediSecure complied with federal laws requiring companies to notify authorities of a data breach.
Media Disclaimer: This article is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.