cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

Australian healthcare provider hacked, client medical data published

An Australian preventative healthcare operator has had a swathe of employee and patient data posted – for free download – on the darknet.

user icon David Hollingworth
Thu, 17 Aug 2023
Australian healthcare provider hacked, client medical data published
expand image

The ransomware group Rhysida – a relative newcomer on the hacking scene – posted 186 gigabytes of data comprising more than 108,000 files belonging to Optimum Health Solutions on its leak site.

According to Rhysida, the posting consists of 85 per cent of the total data apparently exfiltrated, with the rest presumably sold.

“Not sold data was uploaded, data hunters, enjoy,” read a note accompanying the leaked data.

The posted data includes medical files such as NDIS client agreements and late payment details, while the employee data includes passport details and more. Many emails and other patient and employee credentials are also present.

Cyber Security Connect has seen some of the documents, which appear genuine.

Optimum Health Solutions is “Australia’s leading preventative health company”, according to the company’s own website. It has offices throughout NSW and Tasmania. Its services include physiotherapy, occupational therapy, and dietetics.

The Rhysida ransomware group seems to have begun operating in May 2023, when its leak site went live. One of the features of the gang’s operations involves leaving victims with a unique code to enter on its leak site to begin negotiations.

How Rhysida obtained Optimum’s data remains unknown, but the gang usually uses either Cobalt Strike or phishing campaigns to gain access to target networks. According to researchers at SentinelOne, the group’s operations are still in development and lack the sophistication of more established ransomware groups.

Nonetheless, the group already has a long list of victims on its leak site, from a school in Paris to a concrete plant in Germany. The group’s targeting seems largely opportunistic at this stage.

While Optimum’s data has now been published, Rhysida currently has two ongoing “auctions” on its site. The gang appears to use multi-extortion techniques, threatening to sell data to the highest bidder while waiting for a ransom payment, and then publishing the data wholesale if neither a ransom nor a winning bid is received.

“With just 7 days on the clock, seize the opportunity to bid on exclusive, unique, and impressive data,” one auction note – for data belonging to the National Institute of Social Services for Retirees and Pensioners in Latin America – reads. “Open your wallets and be ready to buy exclusive data. We sell only to one hand, no reselling, you will be the only owner!”

We have reached out to Optimum Health Solutions for comment.

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.