Mediclinic: Hackers just hit a $5B hospital empire, demand ransom

Ransomware Gang Targets $5B Hospital Group Mediclinic, Threatens Data Leak

A ransomware cartel, identified as the Everest Group, has claimed responsibility for breaching Mediclinic, a multinational private hospital operator with facilities in South Africa, Namibia, Switzerland, and the UAE. Founded in 1983, the company generates $5.4 billion in annual revenue and handles highly sensitive medical and operational data.

According to a dark web post on May 26, the attackers exfiltrated 4GB of internal and confidential documents, including the personal data of 1,000 employees. The breach also exposed an Elasticsearch cluster containing over 160 indices, with billions of records, primarily Chinese citizen IDs and business data, though the full scope remains unclear. The gang has given Mediclinic five days to negotiate before releasing the stolen data, a tactic commonly used to pressure victims into paying ransoms.

Researchers warn that the compromised data could enable identity theft, fraud, and targeted phishing attacks, with threat actors potentially impersonating medical staff to extract further information. The breach also risks legal repercussions and infrastructure vulnerabilities for Mediclinic, as internal documents may reveal operational weaknesses.

The Everest Group, allegedly linked to the Russia-affiliated BlackByte cartel, has been active since mid-2021 and has listed 248 victims since 2023, including a previous attack on Moltbook in October 2022. Mediclinic has not yet responded to requests for comment.

Source: https://cybernews.com/security/mediclinic-everest-ransomware-attack/

Mediclinic Group cybersecurity rating report: https://www.rankiteo.com/company/mediclinic-group

{
  "id": "MED1770804373",
  "linkid": "mediclinic-group",
  "type": "Ransomware",
  "date": "5/2025",
  "severity": "100",
  "impact": "5",
  "explanation": "Attack threatening the organization's existence"
}
{'affected_entities': [{'customers_affected': '1,000 employees (personal data '
                                              'exposed)',
                        'industry': 'Healthcare',
                        'location': ['South Africa',
                                     'Namibia',
                                     'Switzerland',
                                     'UAE'],
                        'name': 'Mediclinic',
                        'size': 'Large (Annual revenue: $5.4 billion)',
                        'type': 'Hospital Group'}],
 'data_breach': {'data_exfiltration': 'Yes (4GB of data)',
                 'number_of_records_exposed': 'Billions (Elasticsearch cluster '
                                              'with over 160 indices)',
                 'personally_identifiable_information': 'Yes (Employee data, '
                                                        'Chinese citizen IDs)',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Internal documents',
                                              'Confidential documents',
                                              'Employee personal data',
                                              'Chinese citizen IDs',
                                              'Business data']},
 'date_publicly_disclosed': '2024-05-26',
 'description': 'A ransomware cartel, identified as the Everest Group, has '
                'claimed responsibility for breaching Mediclinic, a '
                'multinational private hospital operator with facilities in '
                'South Africa, Namibia, Switzerland, and the UAE. The '
                'attackers exfiltrated 4GB of internal and confidential '
                'documents, including personal data of 1,000 employees and an '
                'Elasticsearch cluster with billions of records. The gang has '
                'given Mediclinic five days to negotiate before releasing the '
                'stolen data.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': '4GB of internal and confidential documents, '
                                'including personal data of 1,000 employees '
                                'and an Elasticsearch cluster with billions of '
                                'records',
            'identity_theft_risk': 'High',
            'legal_liabilities': 'Potential legal repercussions',
            'operational_impact': 'Potential infrastructure vulnerabilities '
                                  'and operational weaknesses'},
 'motivation': 'Financial gain',
 'ransomware': {'data_exfiltration': 'Yes'},
 'references': [{'date_accessed': '2024-05-26', 'source': 'Dark web post'}],
 'threat_actor': 'Everest Group',
 'title': 'Ransomware Gang Targets $5B Hospital Group Mediclinic, Threatens '
          'Data Leak',
 'type': 'Ransomware'}