A cyberattack on MediSecure, a former e-prescription provider in Australia, has compromised the personal information of a staggering 12.9 million people - nearly half the country's population.
This data breach surpasses the scale of the Optus and Medibank incidents in 2022, raising serious concerns about data security and user notification.
For the record, the Optus hack recorded 9.8 million compromised accounts while 9.7 million individuals were affected during the Medibank cyberattack.
12.9 Million Australians Affected, But Who Exactly?
The company's administrators, FTI Consulting, confirmed the massive impact of the April hack in a recent update. While they acknowledge the compromised data of 12.9 million Australians, a critical limitation exists: MediSecure lacks the financial resources to identify the specific individuals affected.
This means millions of Australians are left in the dark, unsure if their personal healthcare data has been stolen. The impacted server contained a vast amount of complex data, making it "not practicable" to pinpoint each affected individual without incurring substantial costs, according to local newspaper 9News.
"However, MediSecure is unable to identify the specific impacted individuals despite making all reasonable efforts to do so due to the complexity of the data set," administrators FTI Consulting said.
6.5 Terabytes of Data Exfiltrated, Content Unknown
The extent of the compromised data cannot be determined even by the authorities. MediSecure knows that a malicious actor exfiltrated 6.5 terabytes of data - a massive amount equivalent to billions of pages of text. However, due to server encryption, the specific type of data accessed remains unknown.
This lack of clarity leaves many Australians feeling vulnerable and anxious about their medical information potentially being exposed.
Delayed Notification and Uncertain Future
The April hack remained undisclosed to the public until May by MediSecure. Shortly after, the company entered administration in June, while its subsidiary, Operations MDS, underwent liquidation.
Operations MDS was deemed the "main trading entity" and previously facilitated electronic prescriptions for healthcare professionals. However, this service ceased operation in November 2023 as the federal Health Department transitioned to eRx as the sole provider.
The MediSecure data breach is living proof that even the biggest and most established companies are not spared from cyberattacks. It also serves as a reminder of the importance of robust cybersecurity measures and transparent communication during cyberattacks.
With millions of Australians potentially affected, the long-term consequences of this incident remain to be seen.
In other news, Tech Times reported that the adoption rate of the iPhone 15 has declined in the latest report, whereas the older models including the iPhone 14 variants saw a surge in usage among US consumers.
The data highlights that more users are not switching quickly, thus preferring the older handsets that they can still use for years to come.