MediSecure data breach following ransomware attack affects millions of patients

A recent ransomware attack against healthcare firm MediSecure resulted in the theft of sensitive data belonging to almost 13 million people, the company has confirmed.

Australian prescription delivery service provider MediSecure suffered a ransomware attack in April 2023, notifying the public a month later, saying it suffered a “cyber security incident”, bringing in third-party cybersecurity experts, and notified the relevant authorities.

Now, after concluding its investigation, the company confirmed that the attackers stole personally identifiable information (PII) on approximately 12.9 million people.

Names, addresses, and phone numbers

"MediSecure can confirm that approximately 12.9 million Australians who used the MediSecure prescription delivery service during the approximate period of March 2019 to November 2023 are impacted by this Incident based on individuals’ healthcare identifiers. However, MediSecure is unable to identify the specific impacted individuals despite making all reasonable efforts to do so due to the complexity of the data set."

Being unable to identify the specific impacted individuals is rather curious, since the information stolen includes people’s names, dates of birth, postal addresses, phone numbers, email addresses, individual healthcare identifiers (IHI), Medicare card numbers, prescription medication details, the reason for the prescription and instructions on how to use the drugs.

Furthermore, the archive includes Pensioner Concession, Commonwealth Seniors, Healthcare Concession, and Department of Veterans’ Affairs (DVA) (Gold, White, Orange) card numbers.

Usually, law enforcement agencies will advise organizations against paying the ransom in exchange for the decryption key. Instead, they suggest firms keep fresh backups at hand, at all times, to be able to restore their systems swiftly, and resume operations as soon as possible. MediSecure seems to have done just that, as it said that on 17 May it “successfully restored a complete backup of the server”.

Via BleepingComputer

More from TechRadar Pro

• My fake company was hit by a ransomware attack — here’s what I learned to do, and what not to do
• Here's a list of the best malware removal tools around today
• These are the best endpoint security tools right now