🔒breach.co.nz · the NZ & Australia breach register 🛡️ A Govern service
Register › 🇦🇺 AU › Healthcare

MediSecure

🇦🇺 Melbourne, VIC · MediSecure Pty Ltd · Record AU-2024-0119
● Confirmed
People affected
12,900,000 (approx)
Breach date
2024-04
Regulator
OAIC
Trust tier
A · Confirmed

Data exposed

Prescription and personal health information Media-reported

Confidence: Confirmed = regulator/court · Company-confirmed = the organisation's own disclosure · Media-reported = press. Figures without an official source are labelled, not estimated.

What happened

In April–May 2024 MediSecure, a national electronic-prescriptions provider, suffered a ransomware attack that compromised the personal and health information of around 12.9 million Australians [oaic-medisecure]. The incident was coordinated through the National Cyber Security Coordinator, and the company subsequently entered administration.

Timeline

  • 2024-04 — Ransomware attack on MediSecure’s systems [oaic-medisecure].
  • 2024-05 — Public disclosure; ~12.9M people affected [oaic-medisecure].

Current status

The company entered administration and is effectively defunct; the OAIC engaged on the incident. [oaic-medisecure]

Why it matters

One of the largest breaches in Australian history by number of people, and a stark example of a critical health-infrastructure provider collapsing after an attack.