Epworth Healthcare, a private hospital group in Victoria, Australia, has reportedly been impacted by a data breach attributed to the ransomware group known as Global Group. This group has allegedly released 40 gigabytes of data purporting to be stolen from Epworth, Melbourne Private Hospital, and the Royal Melbourne Hospital, among others.
On Tuesday, Global Group disclosed a dataset on the dark web, claiming it included sensitive patient information, such as appointment records, surgery lists, medical imaging files, and internal payroll details. Additionally, the dataset was said to encompass hospital booking forms spanning several years, specifically from 2018 to 2025 for Melbourne Private Hospital and Epworth Hospital in Richmond. Some folders seemingly dedicated to the Royal Melbourne Hospital included patient records, leave forms, and various medical results.
A spokesperson from Epworth Healthcare stated on Thursday that a thorough investigation, supported by independent cybersecurity experts, found no breach of their IT systems. They emphasized that no data had been accessed, lost, or altered within their environments, and suggested that the ransomware claims could be associated with a third party not connected to Epworth. Meanwhile, a member of Global Group confirmed they had encrypted and targeted Epworth’s data without any indication of success on the hospital’s part.
As pressure builds, Global Group has utilized a public countdown timer on its dark web blog, announcing an upcoming release of alleged Epworth data. Upon the timer’s expiry, the group disclosed what appeared to be a structured file tree containing various documents related to Epworth, alongside incongruous default Windows folders. Epworth has assured that proactive monitoring remains in effect and that relevant authorities have been notified.
This incident highlights a worrying trend, as the Australian healthcare sector continues to face numerous cyber threats. Additional assaults targeting healthcare entities, such as Genea Fertility Australia and MediSecure, reinforce the susceptibility of this sector. Statistics indicate that healthcare organizations accounted for 20% of data breaches reported in 2022, underscoring their vulnerability.
Jason Murrell, co-founder of the Australian Cyber Network, attributes this ongoing threat to systemic issues within healthcare, notably underfunded and legacy systems that struggle to keep pace with cybersecurity demands. The sector’s financial constraints contribute to a heightened likelihood of paying ransoms to avoid operational disruptions, drawing attention to the existing vulnerabilities in hospitals’ IT frameworks.
As cybersecurity remains a significant concern for business owners, understanding the tactics that could be employed by adversaries is essential. The MITRE ATT&CK framework provides insights into potential methodologies used in such breaches. Techniques including initial access, persistence, privilege escalation, and data exfiltration may have been relevant in the context of this alleged attack.
In light of these findings, it is imperative for healthcare organizations and other sectors to bolster their cybersecurity measures. This includes investing in advanced security protocols and ensuring ongoing assessments of their defenses against evolving cyber threats. The potential impact on patient safety and organizational integrity mandates a proactive and informed approach to cybersecurity challenges.
