Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Exclusive: Stolen MediSecure data posted for sale on Russian hacking forum

A week after the e-prescription service revealed it was hacked, more than six terabytes of patient data, consisting of over 50 million rows, is allegedly up for sale.

user icon David Hollingworth
Fri, 24 May 2024
Exclusive: Stolen MediSecure data posted for sale on Russian hacking forum
expand image

A member of a Russian hacking forum claims to be in possession of 6.5 terabytes of data stolen from Australian e-prescription company MediSecure last week.

A user on the forum – Cyber Daily will not mention the forum’s name – is selling the data for US$50,000.

“For sale: Database of an Australian medical prescriptions company MedSecure [sic],” the post, by a user named Ansgar, said.

============
============

“Includes information on citizens, insurance numbers, phone numbers, addresses, full names, supplier information, contractor information, emails, user+passwords for MedSecure [sic] website, prescription information (who was prescribed what), IP addresses of visitors to the site and etc.”

Unlike some hacking forums, this one appears to block access to either certain IPs or prospective users – Cyber Daily has not been able to observe the site but has seen a screenshot shared by threat intelligence platform FalconFeeds. The screenshot (pictured) has what appears to be a short list of sample data, which FalconFeeds has obscured.

The poster noted they will only sell to one buyer and that there are more than 50 million rows of data – presumably all related to e-prescriptions managed by MediSecure prior to 2023 when it ceased that particular service. The post was made overnight, on 23 May.

Australia’s national cyber security coordinator, Lieutenant General Michelle McGuinness, first warned of a “large-scale ransomware data breach incident” impacting an Australian organisation on 16 May, with MediSecure admitting it was the victim later in the day.

“Yesterday afternoon, I was advised by a commercial health information organisation that it was the victim of a large-scale ransomware data breach incident,” LTGEN McGuinness said in a statement at the time.

Minister for Cyber Security Clare O’Neil also commented on the breach.

“I have been briefed on this incident in recent days, and the government convened a National Coordination Mechanism regarding this matter today,” Minister O’Neil said in a LinkedIn post.

“The national cyber coordinator, Michelle McGuinness, is leading work across the Australian government to support the company in managing this large-scale ransomware incident.

“Updates will be provided in due course. Speculation at this stage risks undermining significant work underway to support the company’s response.”

Despite LTGEN McGuinness noting the breach as a ransomware incident, the data is being sold by what appears to be a broker unconnected to any known ransomware group, and who has not been observed by threat analysts previously. It is the user’s first post after joining the forum on 15 May.

The seller also appears to have misspelt MediSecure’s name; however, there is no “Australian medical prescriptions company” named MedSecure, and FalconFeeds is confident that company is, in fact, MediSecure.

Cyber Daily has reached out to MediSecure for comment.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.