Data from the large-scale MediSecure cyberattack has been listed for sale on a dark web marketplace.
Data from the MediSecure cyberattack has been listed for sale on a dark web marketplace, along with a sample of the data, federal authorities have revealed.
But Australia’s cyber security boss and Australian e-prescription company MediSecure have both warned Australians not to go looking for the data.
In a statement national cyber security coordinator Lieutenant General Michelle McGuinness CSC said investigators were working with MediSecure to verify the data that had been posted online.
“We are aware a dataset purporting to be from the MediSecure breach has been advertised for sale on a dark web marketplace, along with a sample of the data,” she said.
“Australians should not go looking for this data. Accessing stolen sensitive or personal information on the dark web only feeds the business model of cybercriminals.
- This story was first published in Health Services Daily. Read the full story here, or subscribe here.
“All Australian Government agencies involved in the response are aware of the advertisement. Under joint standing arrangements Operation Aquila, the Australian Federal Police and Australian Signals Directorate are supporting this response.
“While this is an unwelcome development, I want to again assure Australians that if individuals are at risk of serious harm through the publication of their information, then we will work with MediSecure to make sure that individuals are appropriately informed, so they may take steps to protect themselves from any further risk to their personal information.”
Lt-Gen McGuiness said she was “urgently working with relevant government agencies and relevant health industry bodies on ensuring that medical practitioners are advised of actions they need to take”.
“We believe at this stage that this is a relatively small group that has been affected,” she said.
“As previously advised, paper and electronic prescriptions continue to operate as normal. People can continue to access medicines, doctors can still prescribe and pharmacists can still dispense as usual.”
Earlier this month MediSecure announced it had been hit by a large-scale ransomware data breach.
Related
Personal information and information relating to prescriptions was stolen as well as the personal information of healthcare providers. MediSecure has not said how many Australians have been affected but confirmed the data taken was from its systems up until November last year.
The Department of Home Affairs has set up a dedicated webpage for the incident. MediSecure has closed its website except for a home page that is providing updates on the investigation. Its latest statement urges Australians not to go looking for the data.