Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

MediSecure data breach following ransomware attack affects millions of patients

Security.

A recent ransomware attack against healthcare firm MediSecure resulted in the theft of sensitive data belonging to almost 13 million people, the company has confirmed.

Australian prescription delivery service provider MediSecure suffered a ransomware attack in April 2023, notifying the public a month later, saying it suffered a “cyber security incident”, bringing in third-party cybersecurity experts, and notified the relevant authorities.

Now, after concluding its investigation, the company confirmed that the attackers stole personally identifiable information (PII) on approximately 12.9 million people.

Names, addresses, and phone numbers

"MediSecure can confirm that approximately 12.9 million Australians who used the MediSecure prescription delivery service during the approximate period of March 2019 to November 2023 are impacted by this Incident based on individuals’ healthcare identifiers. However, MediSecure is unable to identify the specific impacted individuals despite making all reasonable efforts to do so due to the complexity of the data set."

Being unable to identify the specific impacted individuals is rather curious, since the information stolen includes people’s names, dates of birth, postal addresses, phone numbers, email addresses, individual healthcare identifiers (IHI), Medicare card numbers, prescription medication details, the reason for the prescription and instructions on how to use the drugs.

Furthermore, the archive includes Pensioner Concession, Commonwealth Seniors, Healthcare Concession, and Department of Veterans’ Affairs (DVA) (Gold, White, Orange) card numbers.

Usually, law enforcement agencies will advise organizations against paying the ransom in exchange for the decryption key. Instead, they suggest firms keep fresh backups at hand, at all times, to be able to restore their systems swiftly, and resume operations as soon as possible. MediSecure seems to have done just that, as it said that on 17 May it “successfully restored a complete backup of the server”.

Via BleepingComputer

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.