**Rhysida Ransomware Group Claims Attack on Queensland Medical Centre, Threatens Patient Data Sale**
The Rhysida ransomware group has listed Harbour Town Doctors, a Queensland-based medical centre, as a victim on its dark web extortion site. The attack was publicly claimed on December 11, with the group posting low-resolution images of allegedly stolen data, including files bearing the clinic’s letterhead, patient health summaries, medical record transfer requests, and pathology reports.
Rhysida set a seven-day ransom deadline and is currently offering the data for sale to a single buyer for five Bitcoin (approximately $137,000). The group stated that the data would be sold exclusively, with no resale permitted, framing it as a "unique opportunity" for potential buyers. Harbour Town Doctors has not responded to requests for comment.
About Rhysida
Rhysida is a ransomware-as-a-service (RaaS) operation, first observed in mid-2023, with 254 claimed victims to date. The financially motivated group, which communicates in Russian, has a history of targeting the healthcare sector. Notable past attacks include:
- Prospect Medical Holdings (August 2023): Disrupted 17 hospitals and 166 clinics in the U.S., exposing 500,000 Social Security numbers, medical records, and passport details.
- Sunflower Medical Group (January 2025): Allegedly stole three terabytes of data, impacting over 400,000 patients.
- Daughterly Care (September 2024): A Sydney-based aged-care provider, marking Rhysida’s previous Australian healthcare victim.
About Harbour Town Doctors
Located in Biggera Waters, Queensland, the clinic provides family medicine, skin cancer treatment, and chronic disease management, employing five doctors and administrative staff. The centre markets itself as offering personalised, team-based care through experienced healthcare professionals.
Harbourview Family Health Team cybersecurity rating report: https://www.rankiteo.com/company/harbourview-family-health-team
"id": "HAR1765764164",
"linkid": "harbourview-family-health-team",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Bigger Waters, Queensland, Australia',
'name': 'Harbour Town Doctors',
'size': '5 doctors and administrative staff',
'type': 'Medical Centre'}],
'data_breach': {'data_encryption': 'Yes (ransomware encryption)',
'data_exfiltration': 'Yes',
'file_types_exposed': ['Medical documents',
'Patient health summaries',
'Pathology reports'],
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Patient data',
'Medical records',
'Health summaries',
'Pathology reports']},
'date_publicly_disclosed': '2023-12-11',
'description': 'A ransomware group, Rhysida, listed Queensland-based medical '
'centre Harbour Town Doctors as a victim on its dark net '
'extortion site. The group claimed the attack on December 11, '
'posting low-resolution images of allegedly exposed patient '
'data, including medical records, health summaries, and '
'pathology reports. The data was put up for sale for five '
'Bitcoin (roughly $137,000) with a seven-day ransom deadline.',
'impact': {'brand_reputation_impact': 'Likely significant',
'data_compromised': 'Patient data, medical records, health '
'summaries, pathology reports',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential'},
'initial_access_broker': {'data_sold_on_dark_web': 'Yes'},
'motivation': 'Financial',
'ransomware': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes',
'ransom_demanded': '5 Bitcoin (~$137,000)',
'ransomware_strain': 'Rhysida'},
'references': [{'source': 'Cyber Daily'}],
'regulatory_compliance': {'regulations_violated': ['Likely Australian Privacy '
'Principles (APP)',
'Potential Notifiable Data '
'Breaches (NDB) scheme']},
'threat_actor': 'Rhysida',
'title': 'Rhysida Ransomware Attack on Harbour Town Doctors',
'type': 'Ransomware'}