What happened
In April–May 2024 MediSecure, a national electronic-prescriptions provider, suffered a ransomware attack that compromised the personal and health information of around 12.9 million Australians [oaic-medisecure]. The incident was coordinated through the National Cyber Security Coordinator, and the company subsequently entered administration.
Timeline
- 2024-04 — Ransomware attack on MediSecure’s systems [oaic-medisecure].
- 2024-05 — Public disclosure; ~12.9M people affected [oaic-medisecure].
Current status
The company entered administration and is effectively defunct; the OAIC engaged on the incident. [oaic-medisecure]
Why it matters
One of the largest breaches in Australian history by number of people, and a stark example of a critical health-infrastructure provider collapsing after an attack.