Crown Princess Mary Cancer Centre

The Crown Princess Mary Cancer Centre, also known as CPMCC, is a specialized medical facility located at Westmead Hospital in Australia. It operates as a dedicated cancer treatment and care centre, providing services to patients within the Western Sydney region and the broader New South Wales community. The centre functions under the clinical and administrative umbrella of Westmead Hospital, which is a major public health institution. Its core mission is focused on oncology, delivering diagnosis, treatment, and supportive care for individuals with cancer. The centre's identity is closely tied to its namesake, Crown Princess Mary of Denmark, reflecting a patronage or naming association. As a component of a large public hospital network, its services are integrated into the public healthcare system, serving a diverse patient population.

In May 2023, the Crown Princess Mary Cancer Centre was explicitly targeted by the Medusa ransomware group. This cybercriminal operation listed the centre on its dedicated leak site, employing a countdown timer to pressure for a ransom payment in exchange for not publishing stolen data. The incident was promptly detected as a threat, leading NSW Health authorities to launch an official investigation into the security breach. A key finding from this investigation was that the attack did not result in the compromise of any databases belonging to the health system or the cancer centre itself. This distinction indicates that while the centre was a named target of extortion, the core operational and patient data systems remained unaffected. The event highlighted the centre as a specific point of interest for cyber threats within the public health sector, underscoring the persistent risk faced by medical institutions. The response was coordinated through the state health authority, demonstrating an established protocol for such security incidents within the public health framework. The centre's operational continuity following the investigation suggests its systems were resilient to the attempted data encryption or exfiltration claimed by the attackers. This documented incident forms a significant, verifiable part of the centre's recent operational history.