MediSecure, an Australian provider of digital prescription services, has confirmed that data allegedly taken during a recent ransomware attack is now being sold on the dark web.
The company disclosed the data breach earlier this month, stating that it originated from a third-party provider.
“MediSecure has identified a cyber security incident impacting the personal and health information of individuals. We have taken immediate steps to mitigate any potential impact on our systems,” a MediSecure said in a statement. “While we continue to gather more information, early indicators suggest the incident originated from one of our third-party vendors.”
MediSecure didn’t specify the number of individuals impacted by the breach but stated that the ransomware attack affected data stored up until November 2023. This included personal and health information of patients who used MediSecure’s services, as well as the personal details of healthcare providers.
According to the health department reports MediSecure’s e-script service has issued more than 189 million electronic prescriptions since May 2020.
In the meantime, news surfaced that a cybercriminal was selling data allegedly stolen from MediSecure on an underground forum for $50,000.
On May 15, one day before MediSecure publicly disclosed the breach, the threat actor created an account on the hacking forum under the name Ansgar. They made their first post on May 23, announcing the sale of the stolen information.
Ansgar provided several screenshots as evidence, claiming possession of 6.5 terabytes of files from MediSecure. The stolen data reportedly includes names, addresses, email addresses, phone numbers, insurance numbers, prescription details, and login information.
“MediSecure is aware that a data set containing the personal information and limited health information of our customers has been made available on a dark web forum,” MediSecure wrote in an update on its website.
Australia’s National Cyber Security Coordinator (NCSC) pointed out that “Australians should not go looking for this data” because “accessing stolen sensitive or personal information on the dark web only feeds the business model of cybercriminals.”
The Australian police and several government agencies are already investigating the threat actor’s claims.
“While this is an unwelcome development, I want to again assure Australians that if individuals are at risk of serious harm through the publication of their information, then we will work with MediSecure to make sure that individuals are appropriately informed, so they may take steps to protect themselves from any further risk to their personal information,” the NCSC said.