840,000 patient per year hospital empire fights ransomware attack



Threat actors have claimed a cyber attack on major hospital empire Mediclinic, saying they have exfiltrated data that they threaten to publish if a ransom payment is not made.

Mediclinic is a South African private hospital group that operates 74 hospitals, 28 outpatient clinics, 21 day case clinics, 6 mental health facilities and 5 subacute hospitals in locations around the world, including South Africa, Namibia, Switzerland and the Middle East. It serves 840,000 patients a year, hires 37,000 staff and has a revenue of roughly A$8.34 billion (US$5.4 billion).

The infamous Everest ransomware group listed Mediclinic on its dark web leak site on May 26, claiming to have exfiltrated the personal records of 1,000 employees as well as 4GB of company data.


While the threat group gave little detail as to the specifics of the data, it uploaded a sample which contains employee data including job details, nursing classifications, company ID numbers, login methods, weekly hours, job roles, pay types and salary amounts, payslips and more.

It is unclear whether details such as passwords or personal financial information are involved. However, the data that Everest claims to have exfiltrated are a dangerous tool for scammers, allowing them to pose as Mediclinic staff and target other staff, patients and more.

Everest set the countdown timer for the publication of the data at five days. At the time of writing, there are 4 days and 17 hours remaining.

Mediclinic is yet to comment on the incident.

The Mediclinic cyber incident closely follows claims by Everest of a cyber attack on Coca-Cola.

While the threat group listed Coca-Cola on its dark web leak site, the post’s details suggest that Coca-Cola was not in fact the victim, but rather its Middle Eastern bottling partner, the Coca Cola Al Ahlia Beverages Company, which is headquartered in Dubai and trades publicly as Gulf Coca Cola Beverages. Multiple members of the Emirati royal family are major shareholders in the company’s parent organisation, the Al-Ahlia Group.

Included in the leaked post were employee details, passport scans that appear to belong to a pair of minors related to a senior executive in the company and other corporate data.

When contacted by Cyber Daily, the Coca-Cola Company did not provide a statement, but it is understood that the Everest attack has not compromised the company at all.



Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.


