In one of the largest data breaches in Australian history, eScript provider MediSecure has revealed that the personal data of 12.9 million Australians was stolen by hackers earlier this year. 

The breach, which occurred in May, has exposed sensitive information, including full names, phone numbers, dates of birth, home addresses, Medicare numbers, and prescription details.

MediSecure, known for its role in facilitating electronic prescriptions and dispensing, had previously kept the scale of the breach under wraps. However, it has now confirmed that the data stolen dates back to records from November last year. 

The breach has resulted in the publication of a sample of the data on the dark web, although the larger dataset has not yet been publicly released, according to reports.

The 6.5 terabytes of stolen data includes highly sensitive medical information, such as details about prescribed medications, such as the drug name, strength, quantity, repeats, reason for prescription, and usage instructions. 

In a statement released late last week Thursday, MediSecure disclosed the extent of the data stolen. 

It said the theft includes Medicare numbers and card expiry dates, which are particularly concerning as they can be used for identity theft and fraud.

The cyber attack has had significant repercussions for MediSecure. 

Following the breach, the company entered voluntary administration in June after failing to secure a financial bailout from the federal government. 

This left eRx as the sole provider of electronic prescriptions in Australia.

“There is no impact to the current national prescription delivery service, and people should keep accessing their medications and filling their prescriptions,” said Lieutenant General Michelle McGuinness, Australia’s National Cyber Security Coordinator.

She also advised against searching for the leaked dataset online, highlighting that doing so “only feeds the business model of cyber criminals and can be a criminal offence”.

Australians are being urged to remain vigilant against scams that may exploit the MediSecure data breach. 

Authorities advise not to respond to unsolicited contacts referencing the breach and to independently verify any such claims. 

The public is encouraged to be cautious, especially if asked for personal, payment, or banking information by someone claiming to be a medical or financial service provider.