Global ransomware group claims breach of Australian Epworth Healthcare, possibly breached third party vendor
Learn More
Global ransomware group claims a breach and data theft of Australian not-for-profit private hospital group Epworth HealthCare. The hospital group has denied the claims made by threat actors despite the allegedly leaking 40 gigabytes of sensitive data on the dark web.
The attack allegedly occurred on June 2, 2025, and the breach was discovered on June 4, 2025. Global group threat actors displayed a week-long countdown timer for the release of alleged Epworth data to their dark web blog, and when that timer expired on Tuesday, Global Group published what appeared to be a compromised file tree stolen from a system which held Epworth data.
The allegedly exposed data included:
- Doctor letters to patients
- Appointments information
- Surgery lists and results
- Medical imaging files
- Invoices
- Internal payroll data
- Database logs
- Hospital booking forms from 2018 to 2025
- Patient "results" and case files
- Consent files and medical scans
The number of affected individuals has not been disclosed.
Epworth Healthcare has denied any breach of its systems, stating "Epworth HealthCare has completed a thorough investigation – supported by independent cybersecurity specialists – into claims made yesterday afternoon on the dark web alleging an IT compromise. We can confirm that Epworth's IT systems have not been breached or compromised. No data stored within Epworth's IT environments has been accessed, lost or altered"
The hospital group claims that the breach may have been at a third party that is not connected to Epworth's IT environment, and the third party has been notified. Epworth has not identified which third-party provider may have been compromised.
