Half of Australia hit by hack bigger than Optus, Medibank cyberattacks

The eprescription provider’s administrators released an update on the incident this evening, in which it said 12.9 million Australians’ details were compromised in the April hack.

That makes it bigger than the Optus and Medibank data breaches in 2022.

However, the administrators said MediSecure didn’t have the financial means to identify exactly which of its customers were impacted, making it impossible for them to be notified that their data had been stolen.

“MediSecure can confirm that approximately 12.9 million Australians are impacted by this incident based on individuals’ healthcare identifiers,” administrators FTI Consulting said in a statement.

“However, MediSecure is unable to identify the specific impacted individuals despite making all reasonable efforts to do so due to the complexity of the data set.”

The impacted server analysed by an external adviser consisted of an extremely large volume of semi-structured and unstructured data stored across a variety of data sets.

“This made it not practicable to specifically identify all individuals and their information impacted by the Incident without incurring substantial cost that MediSecure was not in a financial position to meet.”

The company also doesn’t know what data had been compromised, only that 6.5 terabytes was stolen – the equivalent of billions of pages of text.

“The investigation indicated that 6.5TB of data stored on the server was likely exfiltrated by a malicious third-party actor, however the encrypted server could not be examined to ascertain the information specifically accessed,” the administrators said.

The hack happened in April, but MediSecure didn’t notify the public of the incident until May.

It had provided a system to allow healthcare professionals like GPs to send prescriptions to patients electronically, but hadn’t been used since November 15 for new electronic prescriptions after the federal Health Department made eRx the sole e-script provider.