We still don’t know the extent of the MediSecure breach, but watch out for these potential scams
- Written by: Paul Haskell-Dowland, Professor of Cyber Security Practice, Edith Cowan University
On Thursday last week, Australian media began reporting that an unnamed “commercial health information organisation” had been targeted[1] by cyber criminals.
Within hours, reports quickly confirmed[2] that data relating to digital prescriptions for Australian patients had been caught up in a ransomware incident[3] at the Melbourne-based MediSecure[4].
The public may be concerned at the lack of information shared to date, with the Australian government still saying[5] it is in the preliminary stages of its response, and investigations are ongoing.
It is quite normal for such investigations to take time. In fact, it’s likely to be several days (even weeks) before we have a full picture of the impact.
While these investigations progress, it is important to be alert to opportunistic scams that are likely to emerge in the coming days – even if you have never received a digital prescription.
Am I a victim of the MediSecure breach?
MediSecure provided digital prescription (eScript) services across Australia until late 2023. The company would have held personal details and some limited medical data relating to prescriptions.
If you received a prescription (via email or SMS) prior to November, it is possible your medical practice was using the MediSecure prescription system. You can potentially check this by consulting older scripts and seeing if the hyperlink was issued via MediSecure.
However, there is currently no information that would allow us to determine who is affected. For many, this will be disappointing as there would obviously be records that would indicate which healthcare practices were using the prescription service from MediSecure.
It is, however, possible this data is currently inaccessible due to the ransomware incident. Alternatively, the government may be working with providers to plan communications with those who are affected. This could be a good way to manage the sharing of information with these people, if handled in a timely fashion.
What about more recent prescriptions?
From November 15 2023, MediSecure ceased processing prescriptions[6] in Australia after a tender process allocated the contract to a single company, eRx. Almost 190 million digital prescriptions were issued[7] in the last four years between the two providers.
The government has provided assurance[8] that services provided by eRx have not been affected:
People should keep accessing their medications and filling their prescriptions. This includes prescriptions (paper and electronic) that may have been issued up until November 2023.
Look out for potential scams
The priority at the moment is to determine the level of the breach. Investigations will reveal if the company has simply been locked out of its systems, or if data was also stolen.
Meanwhile, there is potential for scams to start appearing – including ones that originate from completely unrelated criminal groups.
Criminals won’t miss an opportunity to capitalise on a public interest story, including significant events. Following the Optus data breach, it did not take long before criminals were establishing new campaigns[9] to manipulate the public in the wake of a major security issue.
It is highly likely we will soon see scams that use the MediSecure story as a “hook”. This could be as simple as providing a link to “find out if you are a victim” or even offering to help alleged victims reclaim their data and/or identity.
If, however, the criminals behind the MediSecure ransomware have taken the data for their own use, we are potentially facing much bigger issues.
With access to personal information, prescription data and (possibly) a person’s Medicare card number, scammers can add an air of authenticity to their campaigns.Imagine receiving an official-looking email that includes the final four digits of your Medicare card to “verify” the email is genuine. The email might even assure you it is genuine by saying it has not included the full number for “your security”.
If stolen data is then released (likely on the dark web), there is potential for other criminals to use the data in campaigns. This recently happened following the Optus data breach.
What next?
The investigation will be continuing for the coming weeks. The primary aim is to determine how much data has been accessed, if it has been copied and how many people are affected.
So far, we have been assured no identity documentation is at risk, as Medicare records contain limited information[10] that would not allow for identity theft.
The most important message at the moment is to be alert. We are likely to see scams emerging over the coming days that will leverage this incident. Many will likely be very convincing.
If you receive direct communications claiming to be from MediSecure, stop. Refer to the Home Affairs website[11] which will be updated with the latest information.
The Australian Competition and Consumer Commission’s Little Black Book of Scams[12] is a great reference to raise awareness of the techniques used by cyber criminals.
References
- ^ had been targeted (www.abc.net.au)
- ^ reports quickly confirmed (www.smh.com.au)
- ^ caught up in a ransomware incident (theconversation.com)
- ^ MediSecure (www.medisecure.com.au)
- ^ the Australian government still saying (www.homeaffairs.gov.au)
- ^ ceased processing prescriptions (www.ama.com.au)
- ^ 190 million digital prescriptions were issued (www.theguardian.com)
- ^ provided assurance (www.homeaffairs.gov.au)
- ^ establishing new campaigns (7news.com.au)
- ^ Medicare records contain limited information (www.9news.com.au)
- ^ Home Affairs website (www.homeaffairs.gov.au)
- ^ Little Black Book of Scams (www.scamwatch.gov.au)
