• Home
  • cyber
  • Epworth HealthCare: Exclusive: Epworth HealthCare finds no evidence of data breach as hackers allege 920GB stolen in ransomware attack
cyber Ransomware

Epworth HealthCare: Exclusive: Epworth HealthCare finds no evidence of data breach as hackers allege 920GB stolen in ransomware attack

Feb 5, 2026 2 min read
Epworth HealthCare: Exclusive: Epworth HealthCare finds no evidence of data breach as hackers allege 920GB stolen in ransomware attack

Epworth HealthCare Faces Alleged Data Breach by 0APT Ransomware Group

Epworth HealthCare, Victoria’s largest not-for-profit healthcare provider, is investigating claims by the 0APT ransomware group that it stole nearly a terabyte of sensitive data. The hackers, who emerged in late January, allege they accessed patient records, surgical documents, billing details, and personal information, totaling 920 GB. In a February post, 0APT warned Epworth against involving external cybersecurity agencies, threatening to leak samples to local media if negotiations were not handled directly.

Epworth has denied any confirmed breach, stating that its systems remain secure and operational. A spokesperson confirmed the organization is aware of the unverified report but has found no evidence of compromise after engaging specialist partners. Patient care across Epworth’s Melbourne and Geelong hospitals continues unaffected.

0APT, which markets itself as a "politically neutral" ransomware-as-a-service operation, claims to seek financial compensation rather than business disruption. The group is actively recruiting affiliates, offering a revenue-sharing model for successful attacks. However, its legitimacy remains disputed. Cybersecurity firm Red Piranha identified technical similarities between 0APT’s malware and the 2021 Haron ransomware, noting a hybrid encryption scheme using Salsa20 and RSA-1024. Meanwhile, threat intelligence tracker Ransomware.live has dismissed the group as unreliable, citing unverified victim claims and removed its entries from monitoring.

This incident follows a separate ransomware claim in 2023, when the Global group alleged it stole 40 GB of Epworth data an accusation the healthcare provider later attributed to a third-party vendor. 0APT has set a February 6 deadline to publish the alleged stolen data, though no ransom demand has been disclosed. Epworth, which serves over 230,000 patients annually, maintains that its internal investigations have found no indicators of compromise.

Source: https://www.cyberdaily.au/security/13181-exclusive-epworth-healthcare-finds-no-evidence-of-data-breach-as-hackers-allege-920-gigabyte-stolen-in-ransomware-attack

Epworth cybersecurity rating report: https://www.rankiteo.com/company/epworth-

"id": "EPW1770259093",
"linkid": "epworth-",
"type": "Ransomware",
"date": "2/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Potentially 230,000+ patients',
                        'industry': 'Healthcare',
                        'location': 'Melbourne and Geelong, Victoria, '
                                    'Australia',
                        'name': 'Epworth HealthCare',
                        'size': 'Large (serves over 230,000 patients annually)',
                        'type': 'Healthcare Provider'}],
 'customer_advisories': 'Patient care continues unaffected',
 'data_breach': {'data_exfiltration': 'Alleged 920 GB of data stolen',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Patient records',
                                              'Surgical documents',
                                              'Billing details',
                                              'Personal information']},
 'date_publicly_disclosed': '2024-02',
 'description': 'Epworth HealthCare, Victoria’s largest not-for-profit '
                'healthcare provider, is investigating claims by the 0APT '
                'ransomware group that it stole nearly a terabyte of sensitive '
                'data, including patient records, surgical documents, billing '
                'details, and personal information.',
 'impact': {'data_compromised': '920 GB of sensitive data',
            'identity_theft_risk': 'High (personal information exposed)',
            'operational_impact': 'Patient care continues unaffected',
            'payment_information_risk': 'High (billing details exposed)'},
 'investigation_status': 'Ongoing (no evidence of compromise found)',
 'motivation': 'Financial compensation',
 'ransomware': {'data_exfiltration': 'Yes (alleged 920 GB)',
                'ransomware_strain': '0APT (hybrid encryption scheme using '
                                     'Salsa20 and RSA-1024)'},
 'references': [{'date_accessed': '2024-02',
                 'source': '0APT ransomware group post'},
                {'date_accessed': '2024-02',
                 'source': 'Epworth HealthCare statement'},
                {'source': 'Red Piranha (cybersecurity firm)'},
                {'source': 'Ransomware.live (threat intelligence tracker)'}],
 'response': {'communication_strategy': 'Public denial of confirmed breach, '
                                        'ongoing investigation',
              'incident_response_plan_activated': 'Yes (engaged specialist '
                                                  'partners)',
              'third_party_assistance': 'Yes (cybersecurity specialists)'},
 'threat_actor': '0APT Ransomware Group',
 'title': 'Epworth HealthCare Alleged Data Breach by 0APT Ransomware Group',
 'type': 'Ransomware'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.