Doctors and pharmacists left in the dark after being named in MediSecure data on the dark web

Interviews
Written By Shane Bell
Doctors and pharmacists left in the dark after being named in MediSecure data on the dark web

Picture: ABC News

 

Article Excerpt:

Three weeks ago it emerged publicly that MediSecure, formerly one of the two main providers of medical prescription services in Australia, had been hacked.

One week later, a user posted in a Russian cybercrime forum on the dark web, claiming they had the MediSecure data and were selling it for $50,000.

  • In short: Doctors and pharmacists named in a sample of stolen MediSecure data posted on the dark web say they've received no contact advising them their information had been published online.

  • MediSecure has been criticised for being slow to respond to the leak and notify those affected.

  • What's next? The federal government is investigating the leak, and patients have been advised current prescriptions are not affected.

Evan Vougdis, one of our Cyber Directors and Cyber Threat Intelligence Practice Lead provided comment in this article:

A Department of Home Affairs spokesperson told the ABC: "MediSecure has a legal obligation to notify individuals at risk of serious harm as a result of the data breach that affected the company.

The doctors' details, including Medicare Provider numbers and prescriber numbers, would not be enough information to gain access to Medicare records, the department said.

"These claiming systems include security measures to prevent unauthorised access," the spokesperson said.

Regardless, cybersecurity expert Evan Vougdis from NSB Cyber said medical data was valuable to cybercriminals and could be used to make scams more targeted — or even to try and access medication. "If you know somebody's name, their date of birth, their address, and … what medication they're on, there are numerous avenues where things can happen," he said.

MediSecure has still not said how many Australians have been affected but confirmed the data taken was from its systems up until November last year.

Source: ABC News - Saturday 8th June 2024.
Author: Exclusive by national health reporter Elise Worthington and Leonie Thorne
Reference: Doctors and pharmacists left in the dark after being named in MediSecure data on the dark web

Shane Bell
Next

Qantas app breached, airline investigating cause