MediSecure Customer Data Is Being Sold on the Dark Web

Australian digital prescription services provider MediSecure has confirmed a significant data breach following a ransomware attack, resulting in the theft of 6.5 terabytes of sensitive information. The stolen data, which includes personal and health information of patients and healthcare providers, has been put up for sale on a dark web forum for $50,000.

MediSecure, which operated as a prescription delivery service across Australia until late 2023, disclosed the data breach earlier this month. The incident is believed to have originated from one of its third-party vendors, according to MediSecure. "MediSecure is aware that a data set containing the personal information and limited health information of our customers has been made available on a dark web forum," the company stated in an update on its website.

The threat actor, using the alias Ansgar, posted screenshots as proof of possession of the stolen data, which includes names, addresses, email addresses, phone numbers, insurance numbers, prescription information, and login details. Ansgar's forum account was created just one day before MediSecure publicly disclosed the data breach, and the hacker's first post announced the intent to sell the stolen information.

The Australian National Cyber Security Coordinator (NCSC) has urged Australians not to seek out stolen data on the dark web. "Australians should not go looking for this data. Accessing stolen sensitive or personal information on the dark web only feeds the business model of cybercriminals," the NCSC stated.

The Australian police and multiple government agencies are investigating the breach. While the identity of the threat actor remains unknown, it appears they are not part of a traditional ransomware group, who typically operate their own leak site.

MediSecure has not been a participant in Australia's digital health network since late 2023, so the breach does not impact the current prescribing and dispensing of medications.

Adding to the complexity of the situation, MediSecure has requested financial support from the federal government to help cover operating costs following the attack. According to ABC News, this request has been declined. This marks the first time a private company has asked for government financial support following a cyber attack.

This incident follows the ongoing trend of healthcare and public health agencies being targeted by cybercriminals. In previous high-profile breaches, organizations like HCA Healthcare and Change Healthcare have also been targeted, indicating a persistent threat to the healthcare sector.