Mediclinic, the $5.4 billion international private hospital group, has allegedly fallen victim to a significant cyberattack by the notorious Everest Group ransomware gang.
The hackers are threatening to leak sensitive employee and internal company data unless a ransom is paid, according to a note posted on their dark web site on May 26th.
According to Cybernews, the Everest Group claims to have stolen the personal data of 1,000 Mediclinic employees and 4GB of the company’s internal and confidential data.
The gang has given Mediclinic a five-day deadline to initiate contact and agree to their demands before the stolen information is publicly released.
This tactic is a common pressure point employed by ransomware groups to compel victims into payment.
Founded in 1983, Mediclinic operates hospitals across South Africa, Namibia, Switzerland, and the United Arab Emirates.
The full scope of the alleged breach remains unknown, but given Mediclinic’s involvement in medical operations, the compromised data could be highly sensitive, potentially endangering individuals affected by the breach and disrupting the company’s critical services.
As per Cybernews researchers, the implications of such a breach could be severe, particularly concerning internal and confidential documents.
“This kind of breach, with internal and confidential documents accessed, is especially dangerous for employees,” they said.
Stolen data could be exploited for identity theft, financial fraud, or sophisticated phishing attacks, where threat actors could impersonate Mediclinic personnel to extract further sensitive details from unsuspecting victims.
The research team also warned of broader consequences, adding, “As there could be documents about the company’s internal workings, this can open doors to further attacks on the infrastructure and possibly legal action against the company.”
The Everest ransomware crew, believed to be linked to the Russia-affiliated BlackByte cartel, has been active since mid-2021 and has an extensive history of high-profile cyberattacks.
Earlier this month, the Everest Group publicly named Coca-Cola as one of its victims on its dark web leak site.
As proof, the hackers shared screenshots allegedly showing access to internal company documents and the personal information of 959 employees. This sensitive data reportedly includes visa and passport scans, salary details, and various other HR-related records.
The group was also behind the October 2022 attack on AT&T, where they reportedly offered access to the entire AT&T corporate network.
According to Cybernews’ dark web tracker Ransomlooker, the Everest Group has listed 248 victims since the beginning of 2023, solidifying their reputation as a prolific and dangerous ransomware operation.
The healthcare sector, with its trove of highly sensitive personal and medical information, remains a prime target for such malicious actors.
Mediclinic Group
Mediclinic Group is a leading international private healthcare provider operating across South Africa, Switzerland, and the United Arab Emirates. Founded in 1983 in South Africa, the company has grown to become one of the largest private hospital operators globally, serving diverse markets with comprehensive medical services.
The group operates over 75 hospitals and healthcare facilities, employing thousands of medical professionals and support staff.
In South Africa, Mediclinic maintains a strong presence with facilities in major urban centers, offering tertiary care and specialized medical services. Their Swiss operations include premium healthcare facilities that cater to both local and international patients, while their UAE division provides world-class medical care in Dubai and Abu Dhabi.
The company is listed on the London Stock Exchange and has demonstrated consistent growth through strategic acquisitions and organic expansion.
Mediclinic now faces a critical decision in the coming days, balancing the demands of the attackers against the potential fallout of a data leak and the integrity of its global operations.