
A notorious ransomware gang has claimed it breached Mediclinic, a $5B hospital empire. It’s now threatening to leak sensitive employee and internal data unless it gets paid.
A ransomware cartel has claimed an international private hospital group, Mediclinic, as one of its latest victims. Founded in 1983, the group operates hospitals in South Africa, Namibia, Switzerland, and the United Arab Emirates. The company’s revenue reaches $5.4 billion.
According to a note posted on the gang's dark web site on May 26th, the Everest Group ransomware gang stole the personal data of 1,000 company employees and 4GB of Mediclinic’s internal and confidential data.

The gang gave the company five days to contact them and make an agreement before releasing the stolen data. This is a common practice used by ransomware gangs to pressure victims to pay a ransom.
Internal documents allegedly stolen
It’s unknown what the entire scope of the alleged breach is, but given that the company deals with medical operations, the data could be highly sensitive. If confirmed, it would endanger individuals affected by the breach and the company’s operations.
“This kind of breach, with internal and confidential documents accessed, is especially dangerous for employees,” say Cybernews researchers.

Attackers could use the stolen data for identity theft, fraud, or targeted phishing attacks. Threat actors could craft convincing emails and messages, impersonating medical personnel to lure additional details from unsuspecting victims.
“As there could be documents about the company's internal workings, this can open doors to further attacks on the infrastructure and possibly legal action against the company,” the research team added.
Cybernews reached out to the company, but a response has yet to be received.

What is Everest Group ransomware?
The Everest ransomware crew, allegedly tied to the Russia-linked BlackByte cartel, has been making moves since mid-2021.
Just this month, the gang claimed multinational soft drinks producer Coca-Cola as a victim. The gang allegedly stole the data of nearly a thousand employees alongside confidential internal documents.
The gang was also behind the October 2022 attack on AT&T, offering alleged access to the entire AT&T corporate network. According to Cybernews’ dark web tracker Ransomlooker, the gang has listed 248 victims since 2023.