19.4 C
New York
November 7, 2024
News

Half of Australia’s Population Exposed After Major Data Hack

The Epoch Times

The government has assured the public that medical prescriptions continue to work as normal.

Half of the Australian population has had their information stolen in one of the nation’s largest data breaches.

On July 18, electronic prescription service MediSecure announced that it had ceased investigation of a cyber attack into one of its database servers in early 2024.

According to the company’s findings, hackers stole personal and sensitive information, including contact details, Medicare card numbers, and health information, of around 12.9 million Australians who used the MediSecure prescription delivery service between March 2019 and November 2023.

The complete list of what type of information had been stolen can be found on MediSecure’s website.

The hackers also uploaded an unknown amount of information onto the dark web.

While MediSecure suffered a severe data breach, the company said Australia’s digital health network was not affected as MediSecure did not participate in the system.

“At the time of the incident, MediSecure did not have any connections to the prescribing and dispensing of medications,” the company said in a statement.

“Australians can continue to access medicines safely, and healthcare providers can still prescribe and dispense as usual through the national prescription delivery service, eRx.”

The Home Affairs Department also assured the public that eRx was unaffected by the cyber attack.

“Prescriptions continue to work as normal. People should keep accessing their medications and filling their prescriptions,” it said.

“This i​ncludes prescriptions (paper and electronic) that may have been issued up until November 2023.”

MediSecure was one of two electronic prescription delivery services in Australia until late 2023.

However, in May 2023, the federal government awarded the service exclusively to eRx Script Exchange.

The Australian Federal Police (AFP) is currently investigating the incident, and the federal government has said that it is not aware of the publication of the entire stolen data set.

How the Data Breach Happened

MediSecure said it became aware of the cyber attack on April 13 when the company discovered that a database server had been encrypted by suspected ransomware.

The company then took action to contain the affected database server and conducted a forensic investigation to identify the cause of the unauthorised access and the impacts.

Following the investigation, MediSecure found that hackers were likely to exfiltrate 6.5 terabytes of data stored on the server.

However, the company could not explicitly ascertain what information was accessed as the server was encrypted.

MediSecure then notified the incident to relevant authorities, including the Office of the Australian Information Commissioner, the Home Affairs Department, the Health and Aged Care Department, and the AFP.

On May 17, the electronic prescription service restored a complete backup of the affected server and started investigating the impacted information.

Apart from disrupting its operation, the cyber attack also inflicted a heavy financial burden on MediSecure, causing the company to enter voluntary administration on June 3.

Authorities’ Advice to Australians

National Cyber Security Coordinator Lieutenant General Michelle McGuinness has advised Australians not to go to the dark web to look for or access stolen information.

“This activity only feeds the business model of cyber criminals and can be a criminal offence,” she said on social media.

At the same time, the lieutenant general told the public to be alert to scams, regardless of whether they were affected by the data breach.

“Be on the lookout for scams referencing the MediSecure data breach, and do not respond to unsolicited contact that references the data breach experienced by MediSecure,” she said.

“If contacted by someone claiming to be a medical or other service provider, including a financial service provider, seeking personal, payment, or banking information, you should hang up and call back at a phone number you have sourced independently.”

Ms. McGuinness also shared some tips on enhancing Australian online security, including setting up multi-factor authentication, creating strong and unique passphrases, and installing software updates regularly.

MediSecure’s cyber attack comes as Australian corporations and government organisations have been subject to a series of serious data breaches in the past few years, causing millions of people to suffer from information theft.

Source link

Related posts

breaking falls flat on Olympic debut

Tom Jeffreys

Apple Changes EU App Store Policy After Commission Probe

Reuters

How parents can help their kids get back into school mode

Karen Kaplan

Ugandan, DR Congo troops rescue another 23 abductees from ADF rebels

The Independent

NSW Government Seeking to Put State CFMEU Branch Into Administration

Rex Widerstrom

UNDP donates drones to Uganda for wildlife conservation

The Independent

Leave a Comment