data breach

MediSecure Data Breach: Stolen Information for Sale on Dark Web

In a worrying turn of events, the Australian company MediSecure, known for its digital prescription services, confirmed that information purportedly taken during a recent ransomware incident is now being sold on the dark web.

The company, which provided prescription delivery services across Australia until the end of 2023, made the data breach public earlier this month, noting that it stemmed from a third-party supplier.

As part of the breach, a threat actor stole both personal and health information belonging to patients who received services from MediSecure up until November 2023, as well as the personal information of healthcare providers.

Just before the US holiday weekend, news broke that a threat actor had put the stolen information up for sale on an underground forum for $50,000. The threat actor, operating under the name Ansgar, created an account on the hacking forum on May 15, one day before MediSecure publicly disclosed the data breach. 

On May 23, Ansgar made their first post, announcing the intent to sell the allegedly stolen information. The post includes several screenshots as proof, claiming to be in possession of 6.5 terabytes of files stolen from the company MediSecure. These files reportedly contain names, addresses, email addresses, phone numbers, insurance numbers, prescription information, and login information.

MediSecure acknowledged the situation in an update on its website, stating, “MediSecure is aware that a data set containing the personal information and limited health information of our customers has been made available on a dark web forum.”

The company urged Australians not to seek out this data, emphasising that accessing stolen sensitive or personal information on the dark web only perpetuates the business model of cybercriminals.

Australia’s National Cyber Security Coordinator (NCSC) also issued a statement, advising the public against attempting to access the stolen data. The NCSC highlighted the risks associated with engaging with such illegal content and the broader implications for cybersecurity. 

They added that the Australian police and multiple government agencies are investigating the actor’s claims. Despite the severity of the breach, the NCSC sought to reassure the public, stating, “While this is an unwelcome development, I want to again assure Australians that if individuals are at risk of serious harm through the publication of their information, then we will work with MediSecure to make sure that individuals are appropriately informed, so they may take steps to protect themselves from any further risk to their personal information.”

The identity of the threat actor remains unknown, and it appears that they are not part of a typical ransomware group, which would usually operate its own leak site. 

This incident stands out because MediSecure had ceased participation in Australia’s digital health network in late 2023, meaning the broader Australian healthcare system has not been directly affected by the attack.

MediSecure emphasised that they are urgently working to notify the impacted individuals and reassured the community that the cyber security incident does not impact ongoing access to medication. 

The company stated, “While MediSecure is urgently working towards notifying the impacted individuals, we wish to reiterate and reassure the Australian community that this cyber security incident does not impact any ongoing access to medication.”

The ramifications of this breach are profound, not just for the affected individuals, but for the broader discourse on cybersecurity in the healthcare sector. 

Personal health information is highly sensitive, and its exposure can lead to a range of negative outcomes, including identity theft, fraud, and psychological distress. The sale of such data on the dark web creates opportunities for further exploitation by other malicious actors.

The incident underscores the importance of robust cybersecurity measures and vigilant monitoring of third-party providers. Healthcare organisations, in particular, need to ensure that their partners adhere to stringent security protocols to protect patient data. This breach serves as a stark reminder of the potential risks associated with outsourcing critical functions to third-party vendors.

For the affected individuals, the disclosure of their personal and health information on the dark web poses a significant threat. They must be vigilant for signs of identity theft and fraud. MediSecure, along with government agencies, will need to provide comprehensive support to these individuals, including guidance on how to protect themselves from further harm.

This breach also highlights the evolving tactics of cybercriminals. The use of underground forums to sell stolen data is not new, but the sophistication and scale of such operations are increasing. Cybercriminals are continuously adapting their methods to exploit vulnerabilities in organisational defences, and this incident is a stark illustration of that trend.

In conclusion, the MediSecure data breach is a significant incident with wide-ranging implications. It highlights the vulnerabilities in the healthcare sector and the critical need for robust cybersecurity measures. For the affected individuals, it represents a serious breach of trust and a threat to their personal safety.

As investigations continue, it is essential that organisations across all sectors learn from this incident and take proactive steps to safeguard their data and protect against future attacks. The collaboration between MediSecure, government agencies, and cybersecurity experts will be crucial in mitigating the impact of this breach and preventing similar incidents in the future.
