The Times Australia
The Times World News

.
Times Media

.

We still don’t know the extent of the MediSecure breach, but watch out for these potential scams

  • Written by Paul Haskell-Dowland, Professor of Cyber Security Practice, Edith Cowan University
We still don’t know the extent of the MediSecure breach, but watch out for these potential scams

On Thursday last week, Australian media began reporting that an unnamed “commercial health information organisation” had been targeted[1] by cyber criminals.

Within hours, reports quickly confirmed[2] that data relating to digital prescriptions for Australian patients had been caught up in a ransomware incident[3] at the Melbourne-based MediSecure[4].

The public may be concerned at the lack of information shared to date, with the Australian government still saying[5] it is in the preliminary stages of its response, and investigations are ongoing.

It is quite normal for such investigations to take time. In fact, it’s likely to be several days (even weeks) before we have a full picture of the impact.

While these investigations progress, it is important to be alert to opportunistic scams that are likely to emerge in the coming days – even if you have never received a digital prescription.

Am I a victim of the MediSecure breach?

MediSecure provided digital prescription (eScript) services across Australia until late 2023. The company would have held personal details and some limited medical data relating to prescriptions.

If you received a prescription (via email or SMS) prior to November, it is possible your medical practice was using the MediSecure prescription system. You can potentially check this by consulting older scripts and seeing if the hyperlink was issued via MediSecure.

However, there is currently no information that would allow us to determine who is affected. For many, this will be disappointing as there would obviously be records that would indicate which healthcare practices were using the prescription service from MediSecure.

It is, however, possible this data is currently inaccessible due to the ransomware incident. Alternatively, the government may be working with providers to plan communications with those who are affected. This could be a good way to manage the sharing of information with these people, if handled in a timely fashion.

What about more recent prescriptions?

From November 15 2023, MediSecure ceased processing prescriptions[6] in Australia after a tender process allocated the contract to a single company, eRx. Almost 190 million digital prescriptions were issued[7] in the last four years between the two providers.

The government has provided assurance[8] that services provided by eRx have not been affected:

People should keep accessing their medications and filling their prescriptions. This includes prescriptions (paper and electronic) that may have been issued up until November 2023.

Close-up of a medicare card in a black leather wallet with numbers partially obscured.
The government is assuring people that Medicare card details alone can’t be used as identifying information. AAP Image/Dave Hunt

Look out for potential scams

The priority at the moment is to determine the level of the breach. Investigations will reveal if the company has simply been locked out of its systems, or if data was also stolen.

Meanwhile, there is potential for scams to start appearing – including ones that originate from completely unrelated criminal groups.

Criminals won’t miss an opportunity to capitalise on a public interest story, including significant events. Following the Optus data breach, it did not take long before criminals were establishing new campaigns[9] to manipulate the public in the wake of a major security issue.

It is highly likely we will soon see scams that use the MediSecure story as a “hook”. This could be as simple as providing a link to “find out if you are a victim” or even offering to help alleged victims reclaim their data and/or identity.

If, however, the criminals behind the MediSecure ransomware have taken the data for their own use, we are potentially facing much bigger issues.

With access to personal information, prescription data and (possibly) a person’s Medicare card number, scammers can add an air of authenticity to their campaigns.Imagine receiving an official-looking email that includes the final four digits of your Medicare card to “verify” the email is genuine. The email might even assure you it is genuine by saying it has not included the full number for “your security”.

If stolen data is then released (likely on the dark web), there is potential for other criminals to use the data in campaigns. This recently happened following the Optus data breach.

What next?

The investigation will be continuing for the coming weeks. The primary aim is to determine how much data has been accessed, if it has been copied and how many people are affected.

So far, we have been assured no identity documentation is at risk, as Medicare records contain limited information[10] that would not allow for identity theft.

The most important message at the moment is to be alert. We are likely to see scams emerging over the coming days that will leverage this incident. Many will likely be very convincing.

If you receive direct communications claiming to be from MediSecure, stop. Refer to the Home Affairs website[11] which will be updated with the latest information.

The Australian Competition and Consumer Commission’s Little Black Book of Scams[12] is a great reference to raise awareness of the techniques used by cyber criminals.

References

  1. ^ had been targeted (www.abc.net.au)
  2. ^ reports quickly confirmed (www.smh.com.au)
  3. ^ caught up in a ransomware incident (theconversation.com)
  4. ^ MediSecure (www.medisecure.com.au)
  5. ^ the Australian government still saying (www.homeaffairs.gov.au)
  6. ^ ceased processing prescriptions (www.ama.com.au)
  7. ^ 190 million digital prescriptions were issued (www.theguardian.com)
  8. ^ provided assurance (www.homeaffairs.gov.au)
  9. ^ establishing new campaigns (7news.com.au)
  10. ^ Medicare records contain limited information (www.9news.com.au)
  11. ^ Home Affairs website (www.homeaffairs.gov.au)
  12. ^ Little Black Book of Scams (www.scamwatch.gov.au)

Read more https://theconversation.com/we-still-dont-know-the-extent-of-the-medisecure-breach-but-watch-out-for-these-potential-scams-230402

The Times Features

Will the Wage Price Index growth ease financial pressure for households?

The Wage Price Index’s quarterly increase of 0.8% has been met with mixed reactions. While Australian wages continue to increase, it was the smallest increase in two and a half...

Back-to-School Worries? 70% of Parents Fear Their Kids Aren’t Ready for Day On

Australian parents find themselves confronting a key decision: should they hold back their child on the age border for another year before starting school? Recent research from...

Democratising Property Investment: How MezFi is Opening Doors for Everyday Retail Investors

The launch of MezFi today [Friday 15th November] marks a watershed moment in Australian investment history – not just because we're introducing something entirely new, but becaus...

Game of Influence: How Cricket is Losing Its Global Credibility

be losing its credibility on the global stage. As other sports continue to capture global audiences and inspire unity, cricket finds itself increasingly embroiled in political ...

Amazon Australia and DoorDash announce two-year DashPass offer only for Prime members

New and existing Prime members in Australia can enjoy a two-year membership to DashPass for free, and gain access to AU$0 delivery fees on eligible DoorDash orders New offer co...

6 things to do if your child’s weight is beyond the ideal range – and 1 thing to avoid

One of the more significant challenges we face as parents is making sure our kids are growing at a healthy rate. To manage this, we take them for regular check-ups with our GP...

Times Magazine

Sell You Car and Help the Environment while Receiving Top Cash in Brisbane

Are you tired of the high costs of maintaining a car? Do you want to do your part to protect the environment? One solution could be to sell your car to a car removal company and receive top cash in return. Cars contribute significantly to air po...

Keep ‘em clean: 3 foods to avoid post-teeth whitening (& a few to enjoy!)

After receiving a professional teeth whitening, the last thing you want to do is immediately spoil it by indulging in the wrong food and beverage! This isn’t a one-off solution; it’s a process, and requires the recipient to undertake little extra h...

Credit Card Compare Australia on Major Rebuild and Relaunch

David Boyd's entrepreneurial journey is a compelling narrative of innovation, relentless pursuit of goals, and a firm belief in the transformative power of technology. He immigrated from Northern Ireland to Australia in 2003. Boyd became known as a...

Why Do Dogs Tear Up Their Beds? – Pets Best

Owning a dog brings immense joy and companionship, but it also comes with certain challenges such as dealing with destructive behavior, such as the tearing up of their beds. This predicament can be confusing and exasperating for pet owners. The f...

The Essentials of AV Integration: A Beginner's Guide to Audio and Video Integration

The fusion of AV systems into building design, known as AV Integration, is increasingly becoming vital to the work done by building services engineers and consultants. This transformative practice enhances not only the functionality but also the ...

Car Servicing Tips for Prolonged Vehicle Life

Car servicing is an indispensable aspect of automobile ownership. By adhering to a routine maintenance schedule, vehicle owners can not only keep their cars running smoothly and efficiently, but also enhance their performance, reduce the likelihood...