A hacker claiming to have Australian patient data from the MediSecure data breach has put the information up for sale on a Russian hacking forum for $US50,000 ($75,735)

MediSecure, which provides electronic prescription services to healthcare professionals, last week announced it had been the victim of a large-scale ransomware attack which the Australian Federal Police are now investigating.

A week later, a member of a Russian hacking forum has claimed to be in possession of 6.5 terabytes of data, with personal information, including insurance numbers, names and addresses of thousands of Australians, up for grabs.

“For sale: Database of an Australian medical prescriptions company MedSecure [sic],” the post reads.

“Includes information on citizens, insurance numbers, phone numbers, addresses, full names, supplier information, contractor information, emails, user+passwords for MedSecure website, prescription information (who was prescribed what), IP addresses of visitors to the site and etc.”

The forum member said they would only sell the information to one buyer.

Australia’s national cybersecurity coordinator, Lieutenant General Michelle McGuinness, is working with federal government agencies and states and territories to respond to the incident. The Australian information commissioner is also investigating whether MediSecure complied with federal laws requiring companies to notify authorities when they become aware of a data breach.

Cybersecurity analyst group CyberKnow said their research indicated the forum post was likely legitimate.

“The threat actor created their account on May 15, 2024, and may well have created it for the sole purpose of attempting to sell the stolen MediSecure data. They have not posted anything else to the forum,” CyberKnow said in a statement.