Australian Medical Council: Exclusive: Australian Medical Council denies ransomware attack in wake of false claim

Australian Medical Council: Exclusive: Australian Medical Council denies ransomware attack in wake of false claim

ThreeAM Ransomware Group Falsely Claims Australian Medical Council as Victim

On 12 June, the ThreeAM ransomware group listed the Australian Medical Council (AMC) as one of a dozen victims on its darknet leak site. However, the AMC has denied being breached, stating that the data published by the hackers does not belong to the organization.

An AMC spokesperson confirmed that the council does not hold patient data and has no role in delivering health services. The AMC has reported the incident to the Australian Cyber Security Centre (ACSC) for further investigation.

While the leaked dataset includes documents such as business processes, blank forms, and correspondence featuring the letterhead of Aghapy Medical Centre in Victoria, no patient records appear to have been exposed. The Aghapy Medical Centre has declined to comment.

Who is ThreeAM?

ThreeAM is a Russian-speaking ransomware group first observed in September 2023, with suspected ties to LockBit and BlackSuit. The group employs double-extortion tactics, encrypting victims' data while threatening to leak stolen information unless a ransom is paid.

Since its emergence, ThreeAM has claimed 85 victims, with its most recent confirmed Australian target being ANU Enterprise in November 2024. The group’s ransom note warns of encrypted files and vanished backups, promising to restore systems only upon payment.

The incident highlights the growing trend of ransomware actors misrepresenting breaches or exaggerating the significance of stolen data.

Source: https://www.cyberdaily.au/security/13757-exclusive-australian-medical-council-denies-ransomware-attack-in-wake-of-false-claim

Australian Medical Council cybersecurity rating report: https://www.rankiteo.com/company/australian-medical-council

"id": "AUS1781591338",
"linkid": "australian-medical-council",
"type": "Ransomware",
"date": "6/2026",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'industry': 'Healthcare/Regulatory',
                        'location': 'Australia',
                        'name': 'Australian Medical Council (AMC)',
                        'type': 'Medical Council'},
                       {'industry': 'Healthcare',
                        'location': 'Victoria, Australia',
                        'name': 'Aghapy Medical Centre',
                        'type': 'Medical Centre'}],
 'data_breach': {'data_exfiltration': 'Yes (leaked on darknet)',
                 'file_types_exposed': ['Documents', 'Forms', 'Correspondence'],
                 'personally_identifiable_information': 'No',
                 'sensitivity_of_data': 'Low (no patient records or sensitive '
                                        'personal data)',
                 'type_of_data_compromised': 'Business documents, '
                                             'correspondence'},
 'date_detected': '2024-06-12',
 'date_publicly_disclosed': '2024-06-12',
 'description': 'On 12 June, the ThreeAM ransomware group listed the '
                'Australian Medical Council (AMC) as one of a dozen victims on '
                'its darknet leak site. However, the AMC has denied being '
                'breached, stating that the data published by the hackers does '
                'not belong to the organization. The leaked dataset includes '
                'documents such as business processes, blank forms, and '
                'correspondence featuring the letterhead of Aghapy Medical '
                'Centre in Victoria, but no patient records appear to have '
                'been exposed.',
 'impact': {'brand_reputation_impact': 'Potential reputational harm due to '
                                       'false claims',
            'data_compromised': 'Business processes, blank forms, '
                                'correspondence'},
 'investigation_status': 'Ongoing (ACSC investigation)',
 'lessons_learned': 'Ransomware groups may misrepresent breaches or exaggerate '
                    'the significance of stolen data. Organizations should '
                    'verify claims and communicate transparently with '
                    'stakeholders.',
 'motivation': 'Financial gain (ransom)',
 'ransomware': {'data_encryption': 'Likely (double-extortion tactics)',
                'data_exfiltration': 'Yes',
                'ransomware_strain': 'ThreeAM'},
 'recommendations': 'Enhance monitoring for false breach claims, maintain '
                    'clear communication with regulatory bodies, and ensure '
                    'robust incident response plans to address misinformation.',
 'references': [{'date_accessed': '2024-06-12',
                 'source': 'ThreeAM darknet leak site'},
                {'date_accessed': '2024-06-12',
                 'source': 'Australian Medical Council (AMC) statement'}],
 'regulatory_compliance': {'regulatory_notifications': 'Reported to ACSC'},
 'response': {'communication_strategy': 'Public denial of breach and '
                                        'clarification of data ownership',
              'law_enforcement_notified': 'Reported to Australian Cyber '
                                          'Security Centre (ACSC)'},
 'stakeholder_advisories': 'AMC clarified that it does not hold patient data '
                           'and is not responsible for the leaked information.',
 'threat_actor': 'ThreeAM ransomware group',
 'title': 'ThreeAM Ransomware Group Falsely Claims Australian Medical Council '
          'as Victim',
 'type': 'Ransomware'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.