toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.


#medisecure


I missed this in regard to #medisecure

"The OAIC will not pursue an investigation into the personal information handling practices of MediSecure as the possible remedies that we could obtain for the community will not be proportionate to the resources required for a comprehensive investigation. This should not be of comfort to any organisations that hold personal information and do not have appropriate data security policies and practices in place."

oaic.gov.au/news/media-centre/

So the OAIC has done nothing, there have been no changes to the design of electronic prescribing systems to prevent this happening again, and no news that I know of from the AFP on their investigation.

@daedalus

OAIC · Statement on MediSecure data breach: The OAIC has closed our inquiries into the MediSecure data breach.

#MediSecure, an electronic medical prescription provider, was hacked earlier this year. The result is 12.9 million profiles of #Australian users currently for sale in the dark web.

As usual, given the anaemic data protection and privacy laws in #Australia, MediSecure has not even bothered so far to notify any of the people affected. They know they will not be held accountable and there will be no consequences to their irresponsibility.

DATE: July 22, 2024 at 04:48PM
SOURCE: HEALTHCARE INFO SECURITY

Direct article link at end of text block below.

#EPrescription Vendor #DataBreach Affects 12.9 Million #Aussies t.co/9VEVQXO4Ed #MediSecure #Australia

Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

www.healthcareinfosecurity.com · E-Prescription Vendor Breach Affects 12.9 Million Aussies: Hackers stole sensitive information belonging to roughly half of Australia's population during an April ransomware attack against e-prescription firm MediSecure,

In the ever-evolving landscape of cybersecurity, another chilling chapter has been written. Hidden amidst the #CrowdStrike news cycle, a devastating revelation emerged: #MediSecure has fallen victim to a colossal #ransomware attack, compromising the personal #data of 12.9 million individuals. This #breach exposes our digital infrastructure’s vulnerabilities.

Names, addresses, medical histories, and more—intimate details of millions—now rest in the hands of cybercriminals. The sheer scale of this attack highlights the urgent need for a seismic shift in our approach to cybersecurity.

A critical component is recognizing the importance of machine-to-machine (M2M) identity access management. In our interconnected world, ensuring each machine has a secure identity is paramount. This added security layer can prevent unauthorized access and mitigate breach risks.

Investment in cutting-edge technology and unwavering commitment to security must become our new standard.

The #MediSecure breach is particularly troubling because it makes plain that the government either cannot, or does not want to, help us in this sort of situation.

Which raises questions about what the point of them is.

As several other fellow tech nerds have commented: given that dataset and the likely database structures, we could figure out who most of the people are, because we have done similar stuff before and it's fiddly but not super hard.

Indeed! Ponder, then, on the purpose of making it seem very difficult and mysterious and why the people doing that might want to give that impression.

One might also wonder wtf is the point of having the AFP, ASD, National Cyber Security Coordinator, and National Office of Cyber Security involved since their combined efforts have apparently managed to: restore the database server from backups. #MediSecure

Why is it weasel words? Because look at the kind of data that was taken:

"
full name;
title;
date of birth;
gender;
email address;
address;
phone number;
individual healthcare identifier (IHI);
Medicare card number, including individual identifier, and expiry;
Pensioner Concession card number and expiry;
Commonwealth Seniors card number and expiry;
Healthcare Concession card number and expiry;
Department of Veterans’ Affairs (DVA) (Gold, White, Orange) card number and expiry;
prescription medication, including name of drug, strength, quantity and repeats; and
reason for prescription and instructions.
" #MediSecure

New statement from MediSecure, now on a WordPress domain:

medisecurenotification.wordpre

The key update is that yes, everything in prescriptions was "impacted":

"The impacted server analysed by McGrathNicol Advisory consisted of an extremely large volume of semi-structured and unstructured data stored across a variety of data sets. This made it not practicable to specifically identify all individuals and their information impacted by the Incident without incurring substantial cost that MediSecure was not in a financial position to meet.

The analysis of the data can confirm that the kinds of information impacted by this Incident includes:
full name;
title;
date of birth;
gender;
email address;
address;
phone number;
individual healthcare identifier (IHI);
Medicare card number, including individual identifier, and expiry;
Pensioner Concession card number and expiry;
Commonwealth Seniors card number and expiry;
Healthcare Concession card number and expiry;
Department of Veterans’ Affairs (DVA) (Gold, White, Orange) card number and expiry;
prescription medication, including name of drug, strength, quantity and repeats; and
reason for prescription and instructions."

MediSecure · MediSecure: Media / Public Statement

#Cyberattack target #MediSecure enters voluntary administration. Prescription delivery service provider, which fell victim to a large-scale #cyberbreach that compromised the personal health information of thousands of Australians in April, has entered voluntary administration and is expected to face its creditors later this month. #itsecuriry #hacking #CyberSecuriy

smh.com.au/business/companies/

The Sydney Morning Herald · Cyberattack target MediSecure enters voluntary administration · By Millie Muroi

I like to fall back on "the elites are lying to the public because they're afraid the public will notice how incompetent they really are" in the absence of direct evidence. Mostly because that's what history shows was usually going on with the elites. #MediSecure