Cyberattack on prescription service MediSecure affects 13 million Australians
By Angus Dalton
Almost 13 million Australians had personal and health-related data stolen in the MediSecure cyberattack earlier this year, making the hack one of the nation’s largest.
The Melbourne-based online prescription service company said it was the victim of a ransomware data breach in May. A week later, a hacker claiming to possess 6.5 terabytes of data put at least some of the information up for sale on a Russian hacking forum.
MediSecure was hit by a cyberattack earlier this year.Credit: Elise Amendola
MediSecure entered voluntary administration in June, and on Thursday its administrators confirmed 12.9 million Australians who used the prescription service between March 2019 and November 2023 had data stolen by a malicious third-party actor.
But the company said it wasn’t able to identify who was affected by the breach because of the costs involved in analysing the data.
“This made it not practicable to specifically identify all individuals and their information impacted by the incident without incurring substantial cost that MediSecure was not in a financial position to meet,” the administrators, FTI Consulting, said in a statement.
The stolen data included names, home addresses, phone numbers, Medicare card numbers and “limited health information”, the statement said.
The company is reviewing a subset of personal information that has been exposed on the dark web to identify and notify those affected.
The federal government was not aware of publication of the full data set, the government’s national cyber security coordinator, Lieutenant General Michelle McGuinness, said on X.
“No one should go looking for or access stolen sensitive or personal information from the dark web,” McGuinness said on Thursday. “This activity only feeds the business model of cyber criminals and can be a criminal offence.
“I understand many Australians will be concerned about the scale of this breach. I encourage everyone, whether impacted in this incident or not, to be alert to being targeted in scams.”
The national prescription delivery service, eRx, was not affected by this cyber incident, the government confirmed.
“Importantly, there continues to be no impact to the current national prescription delivery service, and people should keep accessing their medications and filling their prescriptions,” McGuinness said.
The incident follows cyberattacks on Optus and Medibank in 2022, with each affecting about 10 million people.
With AAP