MediSecure data breach following ransomware attack affects millions of patients

security
(Image credit: Shutterstock / binarydesign)

A recent ransomware attack against healthcare firm MediSecure resulted in the theft of sensitive data belonging to almost 13 million people, the company has confirmed.

Australian prescription delivery service provider MediSecure suffered a ransomware attack in April 2023, notifying the public a month later, saying it suffered a “cyber security incident”, bringing in third-party cybersecurity experts, and notified the relevant authorities.

Now, after concluding its investigation, the company confirmed that the attackers stole personally identifiable information (PII) on approximately 12.9 million people.

Names, addresses, and phone numbers

"MediSecure can confirm that approximately 12.9 million Australians who used the MediSecure prescription delivery service during the approximate period of March 2019 to November 2023 are impacted by this Incident based on individuals’ healthcare identifiers. However, MediSecure is unable to identify the specific impacted individuals despite making all reasonable efforts to do so due to the complexity of the data set."

Being unable to identify the specific impacted individuals is rather curious, since the information stolen includes people’s names, dates of birth, postal addresses, phone numbers, email addresses, individual healthcare identifiers (IHI), Medicare card numbers, prescription medication details, the reason for the prescription and instructions on how to use the drugs.

Furthermore, the archive includes Pensioner Concession, Commonwealth Seniors, Healthcare Concession, and Department of Veterans’ Affairs (DVA) (Gold, White, Orange) card numbers.

Usually, law enforcement agencies will advise organizations against paying the ransom in exchange for the decryption key. Instead, they suggest firms keep fresh backups at hand, at all times, to be able to restore their systems swiftly, and resume operations as soon as possible. MediSecure seems to have done just that, as it said that on 17 May it “successfully restored a complete backup of the server”.

Via BleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
security
Ransomware gangs allegedly hit two major US healthcare firms, 300,000 patients have data stolen
Data breach
Top medical billing firm says data breach hit 360,000 users
ID theft
Over a million patients potentially hit after another US healthcare provider hit by cyberattack
Lock on Laptop Screen
United Healthcare data breach may have affected 190 million Americans
healthcare
Over a million clinical records exposed in data breach
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
UK private health services firm told to pay up $2m for ransomware hit
Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Zendesk Relate 2025
Zendesk Relate 2025 - everything you need to know as the event unfolds
Disney Plus logo with popcorn
You can finally tell Disney+ to stop bugging you about that terrible Marvel show you regret starting
Google Gemini AI
Gemini can now see your screen and judge your tabs
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Philips Hue
Philips Hue might be working on a video doorbell, and according to a new report, we just got our first look at it
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand