This is a work in progress. While we strive for accuracy, some breach details may be incomplete or pending verification.

MediSecure

Summary

MediSecure, an electronic prescription delivery service provider, experienced a ransomware attack affecting approximately 12.9 million Australians—nearly half of the country's population. The breach exposed sensitive personal and health information including prescription details, Medicare numbers, and passport numbers, making it Australia's largest healthcare data breach.

What Happened

On 13 April 2024, MediSecure's database was encrypted by ransomware. An investigation determined that 6.5 terabytes of data were likely stolen by the attackers before the system was encrypted. The stolen data included information about individuals who received prescription services between March 2019 and November 2023.

On 31 May 2024, MediSecure confirmed that the stolen data had been posted for sale on a dark web forum, making the personal and health information of millions of Australians publicly accessible to criminals.

Impact on Individuals

The breach exposed highly sensitive medical information including:

  • Names, dates of birth, and addresses
  • Medicare card numbers and health care identifiers
  • Prescription medication details and histories
  • In some cases, passport numbers

This information creates significant risks for identity theft, medical fraud, and privacy violations. The exposure of prescription histories is particularly concerning as it reveals intimate health conditions and could be used for blackmail or discrimination.

Affected individuals were advised to monitor their Medicare accounts for suspicious activity and be alert for targeted phishing attempts using their medical information.

Organisational Response

MediSecure appointed administrators and liquidators in June 2024, citing inability to afford the "significant" costs of investigating and responding to the cyber incident. This meant the company could not continue forensic investigations or provide ongoing support to affected individuals.

The Australian Government's National Cyber Security Coordinator worked with relevant agencies to understand the incident and support affected Australians. However, the company's insolvency limited the response and notification process.

[extra.impact] affected_individuals = 12900000 individuals_note = "" data_volume_gb = 6500 record_count = 0 financial_cost_total = 0 ransom_demanded = 0 ransom_paid = 0 estimated_remediation = 0 downtime_hours = 0 downtime_note = "" +++

Verification Source: View original statement