MediSecure, an Australian prescription supply service supplier, revealed that roughly 12.9 million folks had their private and well being data stolen in an April ransomware assault.
The corporate was pressured to close down its web site and telephone traces to comprise the assault, disclosing it on Might 16 as a “cyber safety incident.”
On the time, the Australian Nationwide Cyber Safety Coordinator (NCSC), who was serving to MEdiSecure to mitigate the breach, described it as a “large-scale ransomware information breach.”
Whereas investigating the ransomware assault, MediSecure discovered that the risk actors stole 6.5TB of information, which has since been restored from a server backup.
“On 13 April 2024, MediSecure was made conscious of the Incident when it was found a database server had been encrypted by suspected ransomware. On 17 Might 2024, with the help of IT specialists, MediSecure efficiently restored a whole backup of the server and took rapid steps to analyze the impacted data,” the corporate mentioned in a Thursday assertion.
“MediSecure can verify that roughly 12.9 million Australians who used the MediSecure prescription supply service in the course of the approximate interval of March 2019 to November 2023 are impacted by this Incident primarily based on people’ healthcare identifiers. Nonetheless, MediSecure is unable to determine the precise impacted people regardless of making all affordable efforts to take action because of the complexity of the info set.”
The non-public and well being data impacted by this breach pertains to prescriptions distributed by MediSecure till November 2023, together with names, dates of delivery, addresses, contact data (telephone numbers and e mail addresses), particular person healthcare identifier (IHI), Medicare card numbers, prescription remedy (title of drug, energy, and amount), and purpose for prescription and directions.
It additionally included Pensioner Concession, Commonwealth Seniors, Healthcare Concession, and Division of Veterans’ Affairs (DVA) (Gold, White, Orange) card numbers.
“Be looking out for scams referencing the MediSecure information breach, and don’t reply to unsolicited contact that references the info breach skilled by MediSecure.” the Australian Nationwide Cyber Safety Coordinator warned on Thursday.
“If contacted by somebody claiming to be a medical or different service supplier, together with monetary service supplier, looking for private, cost or banking data it’s best to hold up and name again on a telephone quantity you’ve sourced independently.”
MediSecure was one in all two Australian prescription supply companies till late 2023 when it was changed by one other firm, Fred IT Group’s eRx Script Change (eRx).
