Mediclinic says employment-related data was affected in a cyber-security breach affecting a third-party IT service provider.
MyBroadband reported that cyber-extortion gang Everest Group had claimed responsibility for the attack earlier this year, reports News24.
“Mediclinic had engaged the third-party IT service provider, which immediately took steps to ensure the containment of the incident, including immediately isolating the affected system, resetting access credentials, and working with external specialists in an incident response investigation,” it said in a statement.
It was determined that the affected data was limited to staff information, and that no patient data had been affected, not was there any disruption to business operations, the company added.
The MyBroadband article said that the Everest Group claimed to have exfiltrated 4GB of data and the personal data of 1 000 employees.
A cybersecurity news site, Dark Reading, reported that the Everest Group had been responsible for nine cyber-attacks in May, including at Coca-Cola and the Department of Tourism and Culture in Abu Dhabi.
The article cites researchers who claim to have found files relating to an SAP HR Management platform in each incident.
The Everest Group is allegedly trying to extort victims by asking for a ransom in exchange for not publishing the data.
MyBroadband article – Prominent private hospital group in South Africa hacked (Open access)
See more from MedicalBrief archives:
Be pro-active as cyber thugs target global healthcare sector
Hackers target Aussie IVF giant in data breach
NHLS back on track after cyber hack
Cyber attacks create havoc in state hospitals in SA, and globally