Cyber Incident Victim: Regis
Date: Aug 2020
Location: Australia
Summary
An Australian aged care operator suffered a ransomware attack by an overseas threat actor, leading to the theft and public release of sensitive resident data including personal information and photographs. The attackers copied and dumped files from the company’s servers, with evidence showing both general facility documents and records identifying specific individuals. Operational services remained unaffected during the incident. The intrusion was attributed to the Maze Team, which simultaneously targeted another healthcare facility, highlighting a broader campaign against the health sector. Stolen data appeared on the group’s leak site alongside a compressed archive containing additional exfiltrated materials.

| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |

| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |

Description
In early August 2020, ASX-listed Australian aged care provider Regis suffered a ransomware attack conducted by an overseas threat actor known as the Maze Team. The attackers infiltrated Regis's systems, exfiltrated sensitive resident data, and subsequently published stolen information on their public leak site as proof of the compromise. The disclosed data included personal details and photographs of aged care residents, exposing vulnerable individuals to potential privacy violations. Maze operators provided both publicly viewable samples on their platform and a downloadable zipped archive containing additional files. While many files in the archive appeared to be general operational documents related to facility management, others contained identifiable information about specific residents. The attack occurred amid operational challenges for Regis, including a concurrent COVID-19 outbreak at one of its Melbourne facilities, though the company confirmed the cyber incident did not disrupt care services.

Regis formally disclosed the breach to investors on August 3, 2020, attributing the attack to an "overseas third party" while acknowledging the unauthorized data copying and public release. The company's market valuation stood at approximately $400 million at the time of the incident. Maze's leak site update coincided with their publication of data from a California-based orthopedic facility, indicating coordinated targeting of healthcare providers across multiple jurisdictions. No details emerged regarding ransom demands, payment negotiations, or specific cybersecurity measures taken by Regis following the breach. The public release of resident photographs and personal information represented a significant privacy breach for aged care recipients, though the company did not disclose the total number of affected individuals or the full scope of compromised data categories beyond what Maze publicly demonstrated.
