Threat actors have claimed a cyber attack on major hospital empire Mediclinic, saying they have exfiltrated data that they threaten to publish if a ransom payment is not made.
Mediclinic is a South African private hospital group that operates 74 hospitals, 28 outpatient clinics, 21 day case clinics, 6 mental health facilities and 5 subacute hospitals in locations around the world, including South Africa, Namibia, Switzerland and the Middle East. It serves 840,000 patients a year, employs 37,000 staff and has a revenue of roughly AU$8.34 billion (US$5.4 billion).
The infamous Everest ransomware group listed Mediclinic on its dark web leak site on 26 May, claiming to have exfiltrated the personal records of 1,000 employees as well as 4 GB of company data.
While the threat group gave little detail as to the specifics of the data, it uploaded a sample which contains employee data including job details, nursing classifications, company ID numbers, login methods, weekly hours, job roles, pay types and salary amounts, payslips and more.
It is unclear whether details such as passwords or personal financial information are involved. However, the data that Everest claims to have exfiltrated are a dangerous tool for scammers, allowing them to pose as Mediclinic staff and target other staff, patients and more.
Everest set the countdown timer for the publication of the data at five days. At the time of writing, there are four days and 17 hours remaining.
Mediclinic is yet to comment on the incident.
The Mediclinic cyber incident closely follows claims by Everest of a cyber attack on Coca-Cola.
While the threat group listed Coca-Cola on its dark web leak site, the post’s details suggest that Coca-Cola was not in fact the victim, but rather its Middle Eastern bottling partner, the Coca-Cola Al Ahlia Beverages Company, which is headquartered in Dubai and trades publicly as Gulf Coca-Cola Beverages. Multiple members of the Emirati royal family are major shareholders in the company’s parent organisation, the Al-Ahlia Group.
Included in the leaked post were employee details, passport scans that appear to belong to a pair of minors related to a senior executive in the company, and other corporate data.
When contacted by Cyber Daily, the Coca-Cola Company did not provide a statement, but it is understood that the Everest attack has not compromised the company at all.