Modern Australian
The Times

We still don’t know the extent of the MediSecure breach, but watch out for these potential scams

  • Written by Paul Haskell-Dowland, Professor of Cyber Security Practice, Edith Cowan University
We still don’t know the extent of the MediSecure breach, but watch out for these potential scams

On Thursday last week, Australian media began reporting that an unnamed “commercial health information organisation” had been targeted by cyber criminals.

Within hours, reports quickly confirmed that data relating to digital prescriptions for Australian patients had been caught up in a ransomware incident at the Melbourne-based MediSecure.

The public may be concerned at the lack of information shared to date, with the Australian government still saying it is in the preliminary stages of its response, and investigations are ongoing.

It is quite normal for such investigations to take time. In fact, it’s likely to be several days (even weeks) before we have a full picture of the impact.

While these investigations progress, it is important to be alert to opportunistic scams that are likely to emerge in the coming days – even if you have never received a digital prescription.

Am I a victim of the MediSecure breach?

MediSecure provided digital prescription (eScript) services across Australia until late 2023. The company would have held personal details and some limited medical data relating to prescriptions.

If you received a prescription (via email or SMS) prior to November, it is possible your medical practice was using the MediSecure prescription system. You can potentially check this by consulting older scripts and seeing if the hyperlink was issued via MediSecure.

However, there is currently no information that would allow us to determine who is affected. For many, this will be disappointing as there would obviously be records that would indicate which healthcare practices were using the prescription service from MediSecure.

It is, however, possible this data is currently inaccessible due to the ransomware incident. Alternatively, the government may be working with providers to plan communications with those who are affected. This could be a good way to manage the sharing of information with these people, if handled in a timely fashion.

What about more recent prescriptions?

From November 15 2023, MediSecure ceased processing prescriptions in Australia after a tender process allocated the contract to a single company, eRx. Almost 190 million digital prescriptions were issued in the last four years between the two providers.

The government has provided assurance that services provided by eRx have not been affected:

People should keep accessing their medications and filling their prescriptions. This includes prescriptions (paper and electronic) that may have been issued up until November 2023.

Close-up of a medicare card in a black leather wallet with numbers partially obscured.
The government is assuring people that Medicare card details alone can’t be used as identifying information. AAP Image/Dave Hunt

Look out for potential scams

The priority at the moment is to determine the level of the breach. Investigations will reveal if the company has simply been locked out of its systems, or if data was also stolen.

Meanwhile, there is potential for scams to start appearing – including ones that originate from completely unrelated criminal groups.

Criminals won’t miss an opportunity to capitalise on a public interest story, including significant events. Following the Optus data breach, it did not take long before criminals were establishing new campaigns to manipulate the public in the wake of a major security issue.

It is highly likely we will soon see scams that use the MediSecure story as a “hook”. This could be as simple as providing a link to “find out if you are a victim” or even offering to help alleged victims reclaim their data and/or identity.

If, however, the criminals behind the MediSecure ransomware have taken the data for their own use, we are potentially facing much bigger issues.

With access to personal information, prescription data and (possibly) a person’s Medicare card number, scammers can add an air of authenticity to their campaigns.Imagine receiving an official-looking email that includes the final four digits of your Medicare card to “verify” the email is genuine. The email might even assure you it is genuine by saying it has not included the full number for “your security”.

If stolen data is then released (likely on the dark web), there is potential for other criminals to use the data in campaigns. This recently happened following the Optus data breach.

What next?

The investigation will be continuing for the coming weeks. The primary aim is to determine how much data has been accessed, if it has been copied and how many people are affected.

So far, we have been assured no identity documentation is at risk, as Medicare records contain limited information that would not allow for identity theft.

The most important message at the moment is to be alert. We are likely to see scams emerging over the coming days that will leverage this incident. Many will likely be very convincing.

If you receive direct communications claiming to be from MediSecure, stop. Refer to the Home Affairs website which will be updated with the latest information.

The Australian Competition and Consumer Commission’s Little Black Book of Scams is a great reference to raise awareness of the techniques used by cyber criminals.

Authors: Paul Haskell-Dowland, Professor of Cyber Security Practice, Edith Cowan University

Read more https://theconversation.com/we-still-dont-know-the-extent-of-the-medisecure-breach-but-watch-out-for-these-potential-scams-230402

How Long Do Bathroom Renovations Melbourne Take? Step-by-Step Process Explained

Planning a bathroom renovation is exciting, but one of the biggest questions homeowners ask is, "How long will it take?" While every project is uniq...

Why Your Skin Breaks Out: The Science of Acne Explained

Acne is the most common skin condition in the world. An estimated 85% of people experience it at some point between the ages of 12 and 24, and a gro...

10 Swimwear Trends Australian Women Are Wearing This Summer

Every Australian summer brings a fresh wave of swimwear trends, but some styles have much greater staying power than others. While fashion constantly ...

Why Regular Skills Updates Are Essential for Licensed Security Officers

A guard at a Brisbane shopping centre gets a call about a shoplifter who's turned aggressive.  They’ve done the job for six years. But their de-...

10 Benefits of Choosing Professional Tutoring Penrith Services

Every student has unique learning strengths, challenges, and academic goals. While classroom teaching provides essential knowledge and structure, so...

Sunshine Coast Baby Classes Prove Big Hit Among First-Time Mums

There's a movement gaining traction on the Sunshine Coast, providing a village of support, socialisation and relief for first-time mothers and babie...

Father's Day Gift Ideas for Men Who Are Hard to Buy For

Some dads are easy to buy for. Others do not want anything, already have everything, or give you the classic "don't worry about me" answer every yea...

Top 5 Mistakes That Wear Out Your Brakes Faster

Brakes don't need frequent replacements like oil changes do.   But a lot of the wear happens quietly, over months, because of habits most drivers...

Plantation Shutters vs Curtains: Which Is Better for Your New Home?

Moving into a new home is an exciting opportunity to personalise your space and make it your own. While many homeowners focus on furniture, flooring...

Celebration of Life vs Traditional Funeral: What's the Difference?

When saying goodbye to someone you love, there is no single way to honour their life. Every family has different traditions, beliefs, and preference...

Building Approval for Roofing Projects: What Homeowners Need to Know

Roofing projects are an important part of maintaining and protecting your home. Whether you're repairing storm damage, replacing an ageing roof, or ...

Chatswood Tutoring And Its Role In Academic Achievement

Academic success often requires more than classroom attendance alone. Students face increasing expectations as they progress through school, particu...

Why Laser Hair Removal Treatments Continue Growing In Popularity

Managing unwanted hair can become time-consuming and frustrating for many people, especially when shaving, waxing, and other temporary methods requi...

Choosing the Right Devices for a Flexible Workplace

For IT leaders managing large fleets, the device layer is where workforce productivity and security policy meet. The shift towards flexible and hybrid...

How Business Advisory Services Help Companies Achieve Sustainable Growth

Every business owner aims to build a profitable and sustainable organisation. While dedication, innovation, and hard work are important, achieving l...

Why Body Contouring Has Become A Popular Cosmetic Treatment

Many people maintain healthy lifestyles through regular exercise and balanced eating habits but still struggle with stubborn areas of fat that are d...

How to Choose the Right POS Hardware for Your Business in Australia

A lot of Australian business owners spend weeks researching POS software but buy hardware almost as an afterthought. That's a mistake. The wrong har...

Why Material Handling Hose Is Critical for Industrial Efficiency

A high-performance material handling hose is an essential component in industries that transport abrasive, dry, or bulk materials on a daily basis...