
A ransomware group known as the Everest Group has claimed responsibility for a cyberattack on Mediclinic, a prominent international private hospital group. The gang alleges it has obtained sensitive internal data and personal information belonging to approximately 1,000 employees, and is now threatening to release the data unless a ransom is paid.
Mediclinic, a healthcare provider with operations in South Africa, Namibia, Switzerland, and the United Arab Emirates, reported annual revenues of $5.4 billion. Founded in 1983, the company operates a network of hospitals and medical facilities serving a broad range of healthcare needs.
On May 26, the Everest Group posted a message on a dark web site stating it had successfully breached Mediclinic’s internal systems. The group claims to have exfiltrated 4GB of confidential internal documents and personnel data, and has given the company five days to initiate contact and negotiate a settlement before it begins leaking the stolen information.
The full extent of the breach has not yet been verified, and Mediclinic has not issued a public response as of the time of this report. However, cybersecurity experts warn that the stolen data, if authentic, could be highly sensitive, given the nature of Mediclinic’s operations.
“This kind of breach, with internal and confidential documents accessed, is especially dangerous for employees,” researchers at Cybernews stated. They noted that such information could be exploited for identity theft, fraud, or targeted phishing campaigns. In particular, cybercriminals could impersonate Mediclinic staff to deceive others into revealing further sensitive information.
The breach could also present a broader risk to the company’s operational infrastructure. If documents regarding internal systems and procedures were exposed, that exposure may open the door to subsequent attacks or trigger legal and regulatory consequences.
The Everest Group has been active since at least mid-2021 and is reportedly associated with the Russia-linked BlackByte cartel. The group has previously targeted high-profile organizations, including an attack earlier this month on multinational beverage company Coca-Cola, during which it allegedly stole data belonging to nearly 1,000 employees. In October 2022, the group also claimed an intrusion into the corporate network of telecommunications giant AT&T.
According to Cybernews’ dark web tracker Ransomlooker, Everest Group has claimed 248 victims since 2023, reflecting a persistent and expanding campaign of cyber extortion.
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543