July 19, 2024 at 01:10PM
MediSecure, an Australian prescription delivery service, suffered a ransomware attack resulting in the theft of personal and health information of approximately 12.9 million users. The breach led to a shutdown of their website and phone lines, with the stolen data since being restored from a server backup. The impacted information includes prescription details and sensitive personal data.
The meeting notes outline the details of a significant cybersecurity incident at MediSecure, an Australian prescription delivery service provider. Approximately 12.9 million people had their personal and health information stolen in a ransomware attack in April. The company had to shut down its website and phone lines to contain the breach and disclosed it as a “cyber security incident” on May 16. The Australian National Cyber Security Coordinator described it as a “large-scale ransomware data breach.”
During the investigation, MediSecure found that 6.5TB of data was stolen by the threat actors, but it has since been restored from a server backup. The impacted information includes prescriptions distributed by MediSecure until November 2023, including a wide range of sensitive data such as names, dates of birth, addresses, contact information, individual healthcare identifiers, Medicare card numbers, prescription medication details, and various types of concession and card numbers.
MediSecure confirmed that approximately 12.9 million Australians who used their prescription delivery service between March 2019 and November 2023 are affected by the breach. However, due to the complexity of the data set, the company is unable to identify the specific impacted individuals despite making all reasonable efforts to do so.
The Australian National Cyber Security Coordinator issued a warning to be vigilant for potential scams related to the data breach and advised not to respond to unsolicited contact referencing the breach. Individuals were also cautioned to be wary of unsolicited requests for personal, payment, or banking information and to independently source phone numbers when contacted by service providers.
It’s important to note that MediSecure was replaced by another company, Fred IT Group’s eRx Script Exchange, in late 2023.
In summary, the meeting notes provide a comprehensive overview of the ransomware attack, the data impacted, and the recommended precautions for individuals affected by the breach.