MediSecure hack Australia’s worst so far
19 July 2024
eScripts provider MediSecure has revealed that 12.9M Australians had their data stolen in a hack earlier this year, making it one of the largest cyber breaches in Australian history.
MediSecure, which facilitates electronic prescriptions and dispensing, confirmed in May it was the victim of a ransomware attack, following an earlier theft of data which continued until November 2023.
The company went into voluntary administration in June after the federal government ruled out a financial bailout.
Sensitive Patient Data Lost
In a statement released late Thursday afternoon, MediSecure gave details about the kinds of data stolen, including full names, phone numbers, dates of birth, home addresses, Medicare numbers, and Medicare card expiry dates. The 6.5 terabytes of data also included some sensitive health information, such as which medications people were prescribed, the name of the drug, dosage, the reason for their prescription, and instructions for taking the medication.
Inadequate Protection
MediSecure said it was unable to identify specific impacted individuals “due to the complexity of the data set" and that doing so would have come at a "substantial cost that MediSecure was not in a financial position to meet".
A tiny sample of the data was published on a dark web forum following the hack, and the larger data set was listed as being for sale, for $50,000. It's not clear whether the data was sold, but it's considered likely.
Vigilance Urged
Cyber security experts have urged Australians to remain vigilant for signs of fraud being committed using their medical data.
Said one: "If contacted by someone claiming to be a medical or other service provider, including financial service provider, seeking personal, payment or banking information, you should hang up and call back on a phone number you have sourced independently."
Avoiding becoming the Next MediSecure
Now in liquidation, MediSecure is an example of how not to protect the sensitive customer data entrusted to your organisation.
One of your best defences against hackers is to centrally control the flow of data into and out of your organisation. Managed File Transfer (MFT) software does that for you.
But MFT does more than just provide centralised control. It also offers encryption, efficiency boosts and auditing capabilities. Using enhanced security protocols, it ensures data privacy during transmission and storage.
And it also provides detailed audit-ready logs which detail which data has been accessed and by who.
Expert Local Advice
At Generic Systems Australia, we’re the Asia-Pacific’s experts on the world’s #1 MFT, GoAnywhere.
If you’d like an obligation-free discussion about how we could help you keep your organisation safe from cyber thieves, please feel welcome to get in touch.
Attribution: This article was largely sourced from Australia’s ABC News service