Half of all Australians hit by MediSecure hack, but company can’t afford to find out who
Half of Australia’s population has been caught up in the cyberattack on MediSecure, but the company can’t afford to find out exactly who had their data stolen and notify them.
The eprescription provider’s administrators released an update on the incident this evening, in which it said 12.9 million Australians’ details were compromised in the April hack.
That makes it bigger than the Optus and Medibank data breaches in 2022.
However, the administrators said MediSecure didn’t have the financial means to identify exactly which of its customers were impacted, making it impossible for them to be notified that their data had been stolen.
The company also doesn’t know what data had been compromised, only that 6.5 terabytes was stolen – the equivalent of billions of pages of text.
“The investigation indicated that 6.5TB of data stored on the server was likely exfiltrated by a malicious third-party actor, however the encrypted server could not be examined to ascertain the information specifically accessed,” the administrators said.
The hack happened in April, but MediSecure didn’t notify the public of the incident until May.
It then went into administration in June, while its subsidiary Operations MDS, which administrators found was the “main trading entity of the corporate group”, went into liquidation.
It had provided a system to allow healthcare professionals like GPs to send prescriptions to patients electronically, but hadn’t been used since November 15 for new electronic prescriptions after the federal Health Department made eRx the sole e-script provider.
