In a recent development concerning the MediSecure data breach, the Australian cyber chief announced an alarming revelation regarding the compromised patient data. A hacker has come forward claiming possession of the data believed to have been stolen during the ransomware attack and is attempting to sell it on a Russian hacking forum for a hefty sum of $50,000.
Lieutenant General Michelle McGuinness, Australia’s National Cyber Security Coordinator, expressed concern over the situation, stating that federal agencies involved in responding to the data breach incident are actively investigating the advertisement and working closely with MediSecure to verify the authenticity of the data being offered for sale.
MediSecure, one of the major providers of electronic prescription services to healthcare professionals in Australia, fell victim to a large-scale ransomware attack as reported last week. While a preliminary investigation revealed that the attack was isolated and had no immediate impact on current e-Prescriptions, it was confirmed that personal and health data of customers and providers dating back to November 2023 may have been accessed as a result of the breach.
Following the discovery of the hacker’s claim and the attempted sale of the stolen data, the Australian Federal Police and Australian Signals Directorate have initiated a joint investigation under Operation Aquila to address and respond to the security breach.
The hacker responsible for the data breach incident posted details of the compromised information on a Russian hacking forum, offering up a database containing a vast amount of personal data belonging to thousands of Australians. The information included insurance numbers, phone numbers, addresses, names, supplier and contractor details, emails, website login credentials, prescription information, and IP addresses of site visitors. Notably, the hacker specified that they intended to sell the information to a single buyer only.
CyberKnow, a hacktivist tracking group, conducted research suggesting that the hacker’s claim on the forum was likely genuine. The group emphasized that this incident did not appear to be a typical ransomware extortion attempt and questioned whether any negotiation or extortion had taken place between the hacker and MediSecure. CyberKnow also warned against seeking out the stolen data on the dark web, emphasizing that such actions only serve to support cybercriminal activities.
In response to the breach, Australian Privacy Commissioner Carly Kind acknowledged the ongoing challenges faced by organizations in safeguarding customer data and emphasized the need for enhanced privacy legislation to ensure robust cybersecurity measures are in place across all Australian businesses. Kind called for urgent reforms to the Privacy Act to align with the evolving capabilities of cyber threat actors and to enhance protection for individuals’ personal information.
The Office of the Australian Information Commissioner (OAIC) is actively investigating whether MediSecure fulfilled its obligations under federal laws mandating the notification of data breaches to the relevant authorities.
As the investigation continues and efforts are made to address the aftermath of the data breach, it is evident that cybersecurity remains a critical issue requiring ongoing vigilance and proactive measures to protect sensitive information and prevent further breaches.