Read The Times Australia

Daily Bulletin

We still don’t know the extent of the MediSecure breach, but watch out for these potential scams

  • Written by: Paul Haskell-Dowland, Professor of Cyber Security Practice, Edith Cowan University
We still don’t know the extent of the MediSecure breach, but watch out for these potential scams

On Thursday last week, Australian media began reporting that an unnamed “commercial health information organisation” had been targeted by cyber criminals.

Within hours, reports quickly confirmed that data relating to digital prescriptions for Australian patients had been caught up in a ransomware incident at the Melbourne-based MediSecure.

The public may be concerned at the lack of information shared to date, with the Australian government still saying it is in the preliminary stages of its response, and investigations are ongoing.

It is quite normal for such investigations to take time. In fact, it’s likely to be several days (even weeks) before we have a full picture of the impact.

While these investigations progress, it is important to be alert to opportunistic scams that are likely to emerge in the coming days – even if you have never received a digital prescription.

Am I a victim of the MediSecure breach?

MediSecure provided digital prescription (eScript) services across Australia until late 2023. The company would have held personal details and some limited medical data relating to prescriptions.

If you received a prescription (via email or SMS) prior to November, it is possible your medical practice was using the MediSecure prescription system. You can potentially check this by consulting older scripts and seeing if the hyperlink was issued via MediSecure.

However, there is currently no information that would allow us to determine who is affected. For many, this will be disappointing as there would obviously be records that would indicate which healthcare practices were using the prescription service from MediSecure.

It is, however, possible this data is currently inaccessible due to the ransomware incident. Alternatively, the government may be working with providers to plan communications with those who are affected. This could be a good way to manage the sharing of information with these people, if handled in a timely fashion.

What about more recent prescriptions?

From November 15 2023, MediSecure ceased processing prescriptions in Australia after a tender process allocated the contract to a single company, eRx. Almost 190 million digital prescriptions were issued in the last four years between the two providers.

The government has provided assurance that services provided by eRx have not been affected:

People should keep accessing their medications and filling their prescriptions. This includes prescriptions (paper and electronic) that may have been issued up until November 2023.

Close-up of a medicare card in a black leather wallet with numbers partially obscured.
The government is assuring people that Medicare card details alone can’t be used as identifying information. AAP Image/Dave Hunt

Look out for potential scams

The priority at the moment is to determine the level of the breach. Investigations will reveal if the company has simply been locked out of its systems, or if data was also stolen.

Meanwhile, there is potential for scams to start appearing – including ones that originate from completely unrelated criminal groups.

Criminals won’t miss an opportunity to capitalise on a public interest story, including significant events. Following the Optus data breach, it did not take long before criminals were establishing new campaigns to manipulate the public in the wake of a major security issue.

It is highly likely we will soon see scams that use the MediSecure story as a “hook”. This could be as simple as providing a link to “find out if you are a victim” or even offering to help alleged victims reclaim their data and/or identity.

If, however, the criminals behind the MediSecure ransomware have taken the data for their own use, we are potentially facing much bigger issues.

With access to personal information, prescription data and (possibly) a person’s Medicare card number, scammers can add an air of authenticity to their campaigns.Imagine receiving an official-looking email that includes the final four digits of your Medicare card to “verify” the email is genuine. The email might even assure you it is genuine by saying it has not included the full number for “your security”.

If stolen data is then released (likely on the dark web), there is potential for other criminals to use the data in campaigns. This recently happened following the Optus data breach.

What next?

The investigation will be continuing for the coming weeks. The primary aim is to determine how much data has been accessed, if it has been copied and how many people are affected.

So far, we have been assured no identity documentation is at risk, as Medicare records contain limited information that would not allow for identity theft.

The most important message at the moment is to be alert. We are likely to see scams emerging over the coming days that will leverage this incident. Many will likely be very convincing.

If you receive direct communications claiming to be from MediSecure, stop. Refer to the Home Affairs website which will be updated with the latest information.

The Australian Competition and Consumer Commission’s Little Black Book of Scams is a great reference to raise awareness of the techniques used by cyber criminals.

Authors: Paul Haskell-Dowland, Professor of Cyber Security Practice, Edith Cowan University

Read more https://theconversation.com/we-still-dont-know-the-extent-of-the-medisecure-breach-but-watch-out-for-these-potential-scams-230402

Business News

Australian organisations are relying on business continuity plans built for a far more predictable world

Tariff escalations, supply chain fragility, geopolitical events, and the ongoing threat of cyber disruption have reshaped the risk environment facing Australian organisations. The problem is that ma...

Daily Bulletin - avatar Daily Bulletin

How to Rent a Car for Uber in Melbourne: What Every New Driver Needs to Know

Starting out as an Uber driver in Melbourne is not as complicated as it sounds but getting the vehicle right is where most new drivers get stuck. Uber has strict requirements around vehicle age, condi...

Daily Bulletin - avatar Daily Bulletin

When Should You Speak to a Lawyer About a Legal Issue?

Legal issues can begin with a simple question, then become harder to manage once formal steps are involved. Many people wait until a matter feels urgent before seeking guidance, even though earlier ...

Daily Bulletin - avatar Daily Bulletin

The strategic rise of Bali as Australia’s next essential healthcare support hub

As Australian healthcare providers grapple with unprecedented operational bottlenecks, a new nearshore model is quietly transforming patient care delivery. Forward-thinking organisations,  including...

Daily Bulletin - avatar Daily Bulletin

Cost Savings and Benefits of Using Used Pallets in Logistics

In today’s competitive logistics and supply chain industry, businesses are constantly looking for ways to reduce operational costs without compromising efficiency and reliability. One of the most prac...

Daily Bulletin - avatar Daily Bulletin

How Fulfilment Services in Australia Help Businesses Scale Efficiently

The growth of e-commerce and modern retail has transformed customer expectations. Consumers now expect fast shipping, accurate order processing, and seamless delivery experiences regardless of where...

Daily Bulletin - avatar Daily Bulletin

Practical Ways Australian Workplaces Can Reduce Operating Costs

Reducing business costs doesn’t always mean cutting staff, shrinking services or making the workplace feel bare-bones. In many cases, the smarter savings are hiding in everyday operations: the light...

Daily Bulletin - avatar Daily Bulletin

Executive Recruitment Solutions That Help Organisations Secure Exceptional Leaders

Leadership has a direct impact on organisational performance, employee engagement, strategic growth, and long-term success. Businesses operating in increasingly competitive environments require experi...

Daily Bulletin - avatar Daily Bulletin

Why A WooCommerce Website Designer Matters For Online Growth

Running an online store today requires more than simply listing products and waiting for customers to arrive. Businesses need a website that is fast, reliable, easy to navigate, and designed to suppor...

Daily Bulletin - avatar Daily Bulletin

The Daily Magazine

DIY Rodent Control Vs Professional Help: When Is It Time To Call The Experts?

Rodents are one of the most frustrating pest problems for Australian property owners. Rats and mic...

Lighting Shop in Perth: How The Right Lighting Can Transform Your Home And Business

The right lighting can completely change the look, feel, and functionality of any space. Whether it ...

Traffic Light System Solutions For Safer And More Efficient Traffic Management

Modern cities and growing communities rely heavily on effective traffic management to ensure safety...

Gold Migration Lawyers in Liquidation: How the Closure Affects Your ART Appeal

If your appeal was with Gold Migration Lawyers, a recent change to how the Tribunal decides cases ...

The pressure cooker: life in urban Australia in 2026

Australian cities have always been demanding. Long commutes, rising housing costs, busy schedules a...

What Actually Makes a Good Criminal Lawyer in Melbourne

Most people only think about this question once. That is usually too late. Most people charged wi...

Why Working With A Chatswood Tutor Can Improve Academic Performance

Academic expectations continue increasing for students across primary school, high school, and senio...

Is It Worth Getting Solar Panels in Melbourne?

The real question is not whether solar works in Melbourne. It works. The question is what it is co...

How A Diploma Of Project Management Builds Practical Skills For Modern Work Environments

Developing the ability to plan, execute, and deliver outcomes efficiently is a key requirement in to...