Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Data allegedly belonging to Victorian not-for-profit private hospital Epworth HealthCare has been published by threat actors following their claims last week that data had been exfiltrated.
On Tuesday (10 June) morning this week, the Global Ransomware group posted what it said was 40 gigabytes of Epworth HealthCare data it had exfiltrated the week before.
According to the listing, data includes specific medical imagery and results, specific named case files, appointment details, doctor letters, accommodation details, rosters, consent documents, admission forms, employee handouts, medication profiles, pathology referrals, invoices, payroll data, database logs, letters to patients from doctors and more.
The data also included alleged booking information for both Epworth Hospital and Melbourne Private Hospital from 2018 to 2025, as well as specific files pertaining to Royal Melbourne Hospital.
Speaking with Information Age, a member of Global Ransomware said they had indeed breached Epworth.
“We took around 40GB and they were encrypted,” the hacker said last week.
However, Epworth told Cyber Daily last week that its systems were not breached but that the network of a third party may have suffered an incident.
“Epworth HealthCare has completed a thorough investigation – supported by independent cyber security specialists – into claims made yesterday afternoon on the dark web alleging an IT compromise,” the company said.
“We can confirm that Epworth’s IT systems have not been breached or compromised. No data stored within Epworth’s IT environments has been accessed, lost or altered, patient care remains fully operational and safe across all Epworth hospitals [and] investigations indicate the claims may relate to a third party that is not connected to Epworth’s IT environment. The third party has been notified.”
While Epworth did not name the third party, it would make sense that data belonging to other Victorian medical facilities also appeared in the alleged leak.
Cyber Daily has reached out to Epworth for comment on the publication of the data.
The Global Ransomware group is a fresh and new operation, with Epworth appearing to be the first victim listed on its site.
The threat actor listed 15 victims on its dark web leak site at the time of writing, with the first being Epworth on 2 June.
Based on Cyber Daily’s investigations, the data for the UK organisation appears to be legitimate, which could suggest that the group also has legitimate Epworth data obtained from this third party; however, this has not been confirmed.
Be the first to hear the latest developments in the cyber industry.
