Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Data Stolen From MediSecure for Sale on Dark Web

A threat actor is asking $50,000 for data allegedly stolen from Australian digital prescription services provider MediSecure.

Australian digital prescription services provider MediSecure has confirmed that data allegedly stolen in a recent ransomware attack is being offered for sale on the dark web.

The company, which operated as a prescription delivery service across Australia until late 2023, disclosed the data breach earlier this month, saying that the incident originated from a third-party provider.

As part of the incident, a threat actor stole both personal and health information belonging to patients who received services from MediSecure up until November 2023, as well as the personal information of healthcare providers.

Just before the US holiday weekend, however, news broke that a threat actor put the information allegedly stolen from MediSecure up for sale on an underground forum, for $50,000.

The threat actor created an account on the hacking forum under the name of Ansgar on May 15, just one day before MediSecure disclosed the data breach publicly, and posted for the first time on May 23, when they announced intent to sell the allegedly stolen information.

Ansgar posted several screenshots as proof, claiming to be in the possession of 6.5 terabytes of files stolen from MediSecure, which contain names, addresses, email addresses, phone numbers, insurance numbers, prescription information, and login information.

“MediSecure is aware that a data set containing the personal information and limited health information of our customers has been made available on a dark web forum,” MediSecure noted in an update on its website late last week.

“Australians should not go looking for this data. Accessing stolen sensitive or personal information on the dark web only feeds the business model of cybercriminals,” Australia’s National Cyber Security Coordinator (NCSC) said on Friday.

Advertisement. Scroll to continue reading.

The Australian police and multiple government agencies in the country are investigating the threat actor’s claims, the NCSC added.

“While this is an unwelcome development, I want to again assure Australians that if individuals are at risk of serious harm through the publication of their information, then we will work with MediSecure to make sure that individuals are appropriately informed, so they may take steps to protect themselves from any further risk to their personal information,” the NCSC said.

While the identity of the threat actor is not known, it appears that they are not part of a ransomware group, which would typically operate its own leak site.

The Australian healthcare system has not been affected by the attack, as MediSecure has not been participating in the nation’s digital health network since late 2023.

“While MediSecure is urgently working towards notifying the impacted individuals, we wish to reiterate and reassure the Australian community that this cyber security incident does not impact any ongoing access to medication,” MediSecure pointed out.

Related: 900k Impacted by Data Breach at Mississippi Healthcare Provider

Related: Kaiser Permanente Data Breach Impacts 13.4 Million Patients

Related: Government Launches Probe Into Change Healthcare Data Breach

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

The AI Risk Summit brings together security and risk management executives, AI researchers, policy makers, software developers and influential business and government stakeholders.

Register

People on the Move

Retired U.S. Army General and former NSA Director Paul M. Nakasone has joined the Board of Directors at OpenAI.

Jill Passalacqua has been appointed Chief Legal Officer at autonomous security solutions provider Horizon3.ai.

Cisco has appointed Sean Duca as CISO and Practice Leader for the APJC region.

More People On The Move

Expert Insights