November 21, 2024
Massive data breach compromises health information of 12.9 million Australians
Australia World

Massive data breach compromises health information of 12.9 million Australians

Sydney, July 18 – Electronic prescription provider MediSecure has revealed that the personal data of approximately 12.9 million Australians were leaked during a cyber security incident earlier this year.

On April 13, MediSecure discovered that a database server had been encrypted by suspected ransomware, before the incident was first notified to the public on May 16.

In its latest update on the data breach investigation, the Melbourne-based company said that 6.5 TB of data was likely exfiltrated by “a malicious third-party actor,” but the server could not be examined to ascertain the information specifically accessed.

“MediSecure can confirm that approximately 12.9 million Australians who used the MediSecure prescription delivery service during the approximate period of March 2019 to November 2023 are impacted by this incident based on individuals’ healthcare identifiers,” said the company, Xinhua news agency reported.

“However, MediSecure is unable to identify the specific impacted individuals despite making all reasonable efforts to do so due to the complexity of the data set,” it added.

The kinds of leaked information include but are not limited to name, date of birth, gender, address, Medicare card number, as well as prescription medication.

MediSecure also highlighted an increased likelihood of Australians being targeted by phishing, identity-related crime, and cyber scam activities, given the types of the data impacted.

Having entered into voluntary administration in early June, the company is not a current participant in Australia’s digital health network, while Australians can continue to access medicines through the national prescription delivery service eRx.

According to the Australian Department of Home Affairs, the eScript system enabled prescriptions to be delivered from prescribers to a pharmacy of an individual’s choice. MediSecure was one of two prescription delivery services operating nationally until last year.

In May 2023, the Australian government finalized a tender for this service, granting it solely to another company Fred IT Group’s eRx Script Exchange (eRx), which remains untouched by the MediSecure cyber attack.

Australian Broadcasting Corporation commented that with 12.9 million people having their personal data compromised, the incident marks “one of the largest cyber breaches in Australian history.”