The Everest Group has allegedly claimed responsibility for a significant data breach involving Mediclinic Southern Africa, one of the country’s leading private health service providers. The gang alleges it has exfiltrated a staggering 4GB of sensitive information, including the personal details of approximately 1,000 employees, raising alarms over data security in the healthcare sector.
Mediclinic operates a network of acute care private hospitals across South Africa and Namibia and is partially owned by Johann Rupert’s investment company, Remgro. Screenshots on the Everest Group’s dark web leak site have purportedly revealed that the attackers gained privileged access to Mediclinic’s human resources systems, obtaining sensitive data such as salary information and records of disciplinary actions. A screenshot further disclosed a listing of a user’s home directory, amplifying the severity of the breach.
The Everest Group has reportedly demanded that Mediclinic negotiate a price by 02:00 on Sunday, 1 June, to prevent the data from being leaked.
This attack on Mediclinic is not an isolated incident; Everest Group has also targeted other organisations, including the Coca-Cola HR system. According to researchers from Venarix, these attacks underline a surge in aggressive cyber strategies. Evidence suggests that initial breaches may have stemmed from a third-party SAP service provider, “INK IT Solutions,” based in Melbourne, Australia. Venarix has attributed a total of 148 known cyber incidents to the group since it was first identified in December 2020, suggesting an opportunistic pattern in its attacks.
The uptick in cyber incidents like the Mediclinic breach is not occurring in a vacuum. Recently, notable South African brands and companies, including Adidas South Africa and telecommunications giants MTN and Cell C, have reported data breaches. While Cell C shared comprehensive details regarding its ransomware attack, MTN took a more guarded approach, revealing only that certain markets were affected.
In light of the breach, Mediclinic has since issued a statement confirming that the exposure of its employee-related data occurred earlier this year. The hospital group claims to have acted swiftly, engaging third-party IT specialists to contain the incident, resetting access credentials, and conducting an assessment in collaboration with cybersecurity partners. Mediclinic gave assurances that no patient data had been compromised and that business operations remained uninterrupted.
The hospital group stated, “This assessment determined that the data impacted is limited to employment-related data, and we have taken appropriate steps to contact those whose data we believe may have been impacted.” They also outlined efforts to enhance security measures regarding third-party vendors and confirmed that regulators and relevant authorities had been informed about the breach.

