One data breach has led to the exposure of several personal and medical data about 12.9 million people who have become victims of cybercrime. Several customers of MediSecure, one of Australia's leading healthcare providers, have been affected by the huge data breach. There has been a breach of data relating to prescriptions distributed by the company's systems from March 2019 to November 2023 that have been exposed.
MediSecure, a company that provides electronic prescriptions, said today that a total of 12.9 million customer records have been stolen and that an unknown amount of these records have been uploaded online.
When it first learned of the data breach on April 13, when other servers holding sensitive personal and health data were discovered to be infected with suspected ransomware, the company publicly confirmed the hack in May.
In an attack on MediSecure, which provides medical prescriptions, almost 13 million Australians were impacted by an incident where their personal and health data was breached.
Based on a comprehensive investigation into the metadata accessed by its attackers in May 2024, MediSecure has uncovered that 12.9 million individuals, who used the service from March 2019 to November 2023 for the delivery of prescriptions, were affected by the breach.
In addition to this, information regarding patient prescriptions is stored in this database.
According to the authors of this evaluation, which was published on July 18, a detailed analysis of healthcare identifiers for individuals was conducted.
The dataset consists of a wide variety of information related to both personal and health issues, some of which are sensitive by nature.
Name, title, date of birth, gender, e-mail address, home address, and phone number are the personal information requested. Individual healthcare identifiers (IHI); Medicare card number; Commonwealth Seniors card number and expiration date; Healthcare Concessions card number and expiration date; Health care concessions card number and expiration date; Department of Veterans Affairs (DVA) card number and expiration date; prescription medication, including the name of the drug, the strength, the quantity, the number of repeats and the reason for the prescription.
It has now been announced in a statement by the Department of Home Affairs that certain details about the system breach have been revealed. There have also been several links that have been provided that give victims information on how to identify scammers and protect their personal information as well as where they may find guidance. A support program is also in place to assist those who may be distressed by the nature of the attack; mental health care is also available to those affected.
Nevertheless, it is important to emphasize that prescriptions were not affected by this change and healthcare providers were still able to prescribe and dispense medicines accordingly.
There have been further breaches at another major healthcare provider, this time in the US, so the overall cost of the breach is still being calculated. A third of Americans may be impacted by the ransomware attack that took place on Change Healthcare.
In this case, there would be 110 million individuals who would be affected by this catastrophe. There is no doubt that this attack dwarfed the Anthem attack suffered in 2015, which involved the personal records of 78.8 million people.
According to The HIPAA Journal, the projected cost of addressing the cyberattack on Change Healthcare that occurred in February is estimated to be between $2.3 billion and $2.45 billion.
This figure, however, does not account for the expenses associated with notifying all affected customers.
These cyberattacks have left millions of individuals justifiably worried that their personal information may be accessible to malicious entities who could repeatedly exploit it for fraudulent purposes.
Additionally, these incidents have significantly undermined public trust in medical providers, who are entrusted with some of the most sensitive personal details. The ramifications of these breaches extend beyond financial losses, eroding confidence in the security measures of healthcare institutions tasked with safeguarding patient information.
