Australian digital prescription services provider MediSecure has confirmed that data allegedly stolen in a recent ransomware attack is being offered for sale on the dark web.
The company, which operated as a prescription delivery service across Australia until late 2023, disclosed the data breach earlier this month, saying that the incident originated from a third-party provider.
As part of the incident, a threat actor stole both personal and health information belonging to patients who received services from MediSecure up until November 2023, as well as the personal information of healthcare providers.
Just before the US holiday weekend, however, news broke that a threat actor put the information allegedly stolen from MediSecure up for sale on an underground forum, for $50,000.
The threat actor created an account on the hacking forum under the name of Ansgar on May 15, just one day before MediSecure disclosed the data breach publicly, and posted for the first time on May 23, when they announced intent to sell the allegedly stolen information.
Ansgar posted several screenshots as proof, claiming to be in the possession of 6.5 terabytes of files stolen from MediSecure, which contain names, addresses, email addresses, phone numbers, insurance numbers, prescription information, and login information.
“MediSecure is aware that a data set containing the personal information and limited health information of our customers has been made available on a dark web forum,” MediSecure noted in an update on its website late last week.
“Australians should not go looking for this data. Accessing stolen sensitive or personal information on the dark web only feeds the business model of cybercriminals,” Australia’s National Cyber Security Coordinator (NCSC) said on Friday.
The Australian police and multiple government agencies in the country are investigating the threat actor’s claims, the NCSC added.
“While this is an unwelcome development, I want to again assure Australians that if individuals are at risk of serious harm through the publication of their information, then we will work with MediSecure to make sure that individuals are appropriately informed, so they may take steps to protect themselves from any further risk to their personal information,” the NCSC said.
While the identity of the threat actor is not known, it appears that they are not part of a ransomware group, which would typically operate its own leak site.
The Australian healthcare system has not been affected by the attack, as MediSecure has not been participating in the nation’s digital health network since late 2023.
“While MediSecure is urgently working towards notifying the impacted individuals, we wish to reiterate and reassure the Australian community that this cyber security incident does not impact any ongoing access to medication,” MediSecure pointed out.
Related: 900k Impacted by Data Breach at Mississippi Healthcare Provider
Related: Kaiser Permanente Data Breach Impacts 13.4 Million Patients
Related: Government Launches Probe Into Change Healthcare Data Breach
