MediSecure, an Australian prescription supply service supplier, revealed that roughly 12.9 million individuals had their private and well being data stolen in an April ransomware assault.
The corporate was pressured to close down its web site and cellphone strains to include the assault, disclosing it on Could 16 as a “cyber security incident.”
On the time, the Australian Nationwide Cyber Safety Coordinator (NCSC), who was serving to MEdiSecure to mitigate the breach, described it as a “large-scale ransomware data breach.”
Whereas investigating the ransomware assault, MediSecure discovered that the risk actors stole 6.5TB of knowledge, which has since been restored from a server backup.
“On 13 April 2024, MediSecure was made conscious of the Incident when it was found a database server had been encrypted by suspected ransomware. On 17 Could 2024, with the help of IT specialists, MediSecure efficiently restored an entire backup of the server and took instant steps to analyze the impacted data,” the corporate mentioned in a Thursday assertion.
“MediSecure can affirm that roughly 12.9 million Australians who used the MediSecure prescription supply service throughout the approximate interval of March 2019 to November 2023 are impacted by this Incident based mostly on people’ healthcare identifiers. Nevertheless, MediSecure is unable to determine the precise impacted people regardless of making all affordable efforts to take action as a result of complexity of the information set.”
The non-public and well being data impacted by this breach pertains to prescriptions distributed by MediSecure till November 2023, together with names, dates of beginning, addresses, contact data (cellphone numbers and electronic mail addresses), particular person healthcare identifier (IHI), Medicare card numbers, prescription medicine (title of drug, energy, and amount), and purpose for prescription and directions.
It additionally included Pensioner Concession, Commonwealth Seniors, Healthcare Concession, and Division of Veterans’ Affairs (DVA) (Gold, White, Orange) card numbers.
“Be looking out for scams referencing the MediSecure data breach, and don’t reply to unsolicited contact that references the data breach skilled by MediSecure.” the Australian Nationwide Cyber Safety Coordinator warned on Thursday.
“If contacted by somebody claiming to be a medical or different service supplier, together with monetary service supplier, looking for private, cost or banking data it is best to dangle up and name again on a cellphone quantity you have got sourced independently.”
MediSecure was one in every of two Australian prescription supply companies till late 2023 when it was changed by one other firm, Fred IT Group’s eRx Script Trade (eRx).
