The Target: MediSecure, an Australian electronic prescription provider.
The Take: The impacted data included personal information including full names, titles, dates of birth, gender, email addresses, phone numbers, and individual healthcare identifiers (IHI).
The Vector: An early forensic investigation by the company into the relevant impact of the incident indicated that 6.5TB of data stored on a database server was likely exfiltrated by a malicious third-party actor, although, encrypted servers couldn’t be examined for further details.
This breach is critical reminder that zero-day exploits do happen, and furthermore that patching software in a timely, effective manner is a key component of ensuring customer data is protected. Ensuring third-party vendors are deploying patches and fixes in accordance with a firm’s cybersecurity policy is an important step in an overall robust security posture.