Patient medical data stolen in one of the nation’s biggest cyber attacks appears to have been sold on the dark web, possibly for US$50,000 ($75,000) a cyber security expert says.

E-script provider MediSecure last week revealed 13 million Australians who used the company’s prescription delivery service from March 2019 to November 2023 had their personal and medication data stolen.

Medication data stolen include strengths, quantities and repeats as well as the reason for the script and doctor’s instructions

Now, a cybersecurity expert says he is “very confident” the data have been sold on the dark web and may be up for resale.