
BREAKING: MediSecure confirms 12.9m Australians impacted by May data breach

The administrators of the insolvent e-prescription company have released details of the May hack and the scope of impact – but questions remain.

David Hollingworth
Thu, 18 Jul 2024

FTI Consulting has released details of its investigation of a data breach that saw more than 6.5 terabytes of Australian prescription information posted for sale on a popular hacking forum.

The consulting firm – which was appointed as MediSecure’s administrator in June, after the company declared insolvency – has confirmed that the data of 12.9 million Australians were impacted in the breach.

Unfortunately, the investigation has been unable to identify specific individuals.


“The impacted server analysed by an external adviser consisted of an extremely large volume of semi-structured and unstructured data stored across a variety of data sets,” FTI Consulting said in a statement released late on Thursday afternoon, 18 July.

“This made it not practicable to specifically identify all individuals and their information impacted by the incident without incurring substantial cost that MediSecure was not in a financial position to meet.”

Liquidator Vaughan Strawbridge said that the investigation represented “significant costs” and that was the main reason that FTI Consulting was called in.

“Following our appointment, the administrators and liquidators commenced investigations into the respective companies and determined that Operations MDS Pty Ltd (in liquidation), a wholly owned subsidiary of MediSecure Ltd (administrators appointed), was the main trading entity of the corporate group, held the prescription delivery service registration up until November 2023, and maintained the IT environment subject to the Incident,” Strawbridge said.

“FTI Consulting will continue to work with MediSecure’s advisers and liaise with the Australian government in respect to the incident.”

The investigation also uncovered the details of the hack itself, and – again – the picture is far from a complete one.

MediSecure discovered the incident on 13 April 2024 and immediately began an investigation after securing its IT environment. According to FTI Consulting, however, “the encrypted server could not be examined to ascertain the information specifically accessed”.

The National Cyber Security Coordinator has responded to the update on the investigation.

“At this time, the Australian government is not aware of publication of the full data set. No one should go looking for or access stolen sensitive or personal information from the dark web. This activity only feeds the business model of cyber criminals and can be a criminal offence,” Lieutenant General Michelle McGuinness said in a separate statement.

“I understand many Australians will be concerned about the scale of this breach. I encourage everyone, whether impacted in this incident or not, to be alert to being targeted in scams.”

News of the MediSecure data breach broke when Australia’s National Cyber Security Coordinator warned of a “large-scale ransomware data breach incident” in May, with MediSecure announcing it was the victim the same day.

On 24 May, the data was offered for sale on a Russian hacking forum for US$50,000.


UPDATED 18/07/24 to add NCSC comment.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
