Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
The hospital group has said a third-party provider may have been breached.
Australian not-for-profit private hospital group Epworth HealthCare has denied claims made by threat actors that the company’s network was breached and data was stolen.
Founded in Richmond, Victoria, in 1920, Epworth is the state’s largest not-for-profit private hospital group. It is a pioneer in treatment with achievements such as having the “first open heart surgery facility in a private hospital in Victoria” and establishing the “first private Emergency Department in Victoria accredited to accept time-critical medical patients”.
On 2 June, Epworth was listed on the dark web leak site of the Global ransomware operation. While the threat actors did not disclose details of the incident, they announced that data would be released on 9 June.
However, responding to requests to comment by Cyber Daily, Epworth has said that no incident or network breach occurred and that it can confirm no breach of its systems.
“Epworth HealthCare has completed a thorough investigation – supported by independent cyber security specialists – into claims made yesterday afternoon on the dark web alleging an IT compromise,” the company said.
“We can confirm that Epworth’s IT systems have not been breached or compromised. No data stored within Epworth’s IT environments has been accessed, lost or altered, patient care remains fully operational and safe across all Epworth hospitals [and] investigations indicate the claims may relate to a third party that is not connected to Epworth’s IT environment. The third party has been notified.”
Epworth did not identify the third party but said that it continues to monitor the situation and has engaged “relevant state and federal authorities”.
The Global ransomware group is a fresh and new operation, with Epworth appearing to be the first victim listed on its site.
The threat actor listed four victims on its dark web leak site at the time of writing, but it has only released data on one – UK vehicle repair company Motor World ARC.
Based on Cyber Daily’s investigations, the data for the UK organisation appears to be legitimate, which could suggest that the group also has legitimate Epworth data obtained from this third party; however, this has not been confirmed.
Be the first to hear the latest developments in the cyber industry.
