Victorian private hospital group Epworth Healthcare has been caught in an alleged data breach after a ransomware outfit leaked 40 gigabytes of allegedly stolen data to the dark web.

On Tuesday morning, ransomware gang Global Group dropped a dataset that appeared to contain sensitive information related to Epworth Healthcare, Melbourne Private Hospital, Epworth Hospital in Richmond, and Royal Melbourne Hospital.

Among the purportedly stolen data were doctors' letters to patients, appointment information, surgery lists and results, medical imaging files, invoices, internal payroll data, database logs, and droves of hospital booking forms from 2018 to 2025 across Melbourne Private Hospital and Epworth Hospital in Richmond.

Some folders were meanwhile dedicated to the Royal Melbourne Hospital, containing alleged data for “cases”, leave forms and patient “results”.

Speaking with Information Age last week, a member of Global Group confirmed they had targeted Epworth Healthcare with ransomware.

“We took around 40GB and they were encrypted,” said the anonymous hacker.

On Thursday, however, an Epworth Healthcare spokesperson said there was “no breach of its systems” whatsoever.

“Epworth HealthCare has completed a thorough investigation – supported by independent cybersecurity specialists – into claims made yesterday afternoon on the dark web alleging an IT compromise,” they said.

“Epworth’s IT systems have not been breached or compromised.

“No data stored within Epworth’s IT environments has been accessed, lost or altered.”

According to the spokesperson, early investigations indicated the ransomware claims may have related to a “third party that is not connected to Epworth’s IT environment”.

Meanwhile, Global Group threat actors displayed a week-long countdown timer for the release of alleged Epworth data to their dark web blog.

When that timer expired Tuesday, Global Group published what appeared to be a compromised file tree stolen from a system which held Epworth data.

Alongside consent files, medical scans and other sensitive patient data, the allegedly hacked system appeared to contain default Windows folders such as “My Music” and “My Pictures”.

“Proactive monitoring remains in place, and relevant state and federal authorities have been notified,” an Epworth Healthcare spokesperson said Thursday.

“We will provide further updates should new, verified information emerge.”

Epworth is Victoria’s largest not-for-profit private hospital group, providing diagnosis, treatment, care and rehabilitation services at 10 sites and hospitals across Melbourne and Geelong.

Epworth Healthcare was asked whether the allegedly leaked data is legitimate, but did not respond prior to publication.

Countdown ticks for Victorian healthcare

On 7 June, Global Group added two new Victorian healthcare entities to its dark web blog: Ascot Vale Health Group and Mildura-based Deakin Medical Centre.

At the time of writing, Global Group listed countdown timers for both local practices, threatening to publish their stolen data within 24 hours.

Global Group did not specify what data it allegedly stole, while neither healthcare provider responded to Information Age prior to publication.

Victorian healthcare entities made up three of Global Group’s nine targets to date, with the hacking group boasting other victims in the UK, US and Brazil.

Other than a seemingly AI-generated, dramatised video which Global released to promote its services, little is known about the newly formed ransomware group and its members.

The group has claimed to offer the “fastest” and “most customisable” ransomware locker on the criminal market, boasted new attacks “every single day” and promoted an “AI-powered” support tool for future affiliates to conduct ransom negotiations.

Australian healthcare remains a soft target

Epworth’s alleged data breach marks the latest in a long line of attacks targeting Australian healthcare, following incidents at the likes of IVF provider Genea Fertility Australia, prescriptions company MediSecure and hospital operator St Vincent’s Health Australia.

Indeed, recent statistics from the Office of the Australian Information Commissioner revealed that of the 1,113 data breach notifications it received last year, the health sector reported the most breaches, accounting for 20 per cent of them.

Jason Murrell, co-founder of cybersecurity advocacy and growth champion Australian Cyber Network (ACN), said Australia’s healthcare sector has been a “soft target” for many years, with patient records fetching a “real premium” on the dark web.

“Hospitals are under pressure to keep systems online, all while their budgets are being slashed,” said Murrell.

“This makes them more likely to pay up in an attempt to avoid devastating disruptions.”

Murrell added that domestic healthcare’s “legacy infrastructure”, “underinvestment in cyber” and “stretched” workforce have led to conditions which are ripe for ransomware actors.

Murrell noted Victorian healthcare in particular is “grossly underfunded”.

“Add in the fact that healthcare providers often work across disjointed and archaic systems, and you’ve got a sector that’s been both highly exposed and poorly defended for years,” he said.

In January, the Australian government granted $6.4 million to kickstart a new cyber threat-sharing network between organisations in the health sector.