Hackers calling themselves Medusa have targeted the Crown Princess Mary Cancer Centre in a ransomware attack, threatening to release stolen data unless hospital administrators pay a ransom. NSW Health, the healthcare provider for the Australian state of New South Wales, said it was alerted to the threat late on Thursday afternoon, but the attack did not appear to have affected any NSW Health databases or the cancer centre’s databases.
The safety and security of all NSW Health systems is of the utmost importance and is being monitored and safeguarded.
Medusa has been actively targeting organisations in Australia and New Zealand since the start of 2023, using ransomware to steal data from their victims before encrypting it and threatening to publish it unless a ransom is paid.
Earlier this year, the same group posted gigabytes of sensitive information it had stolen from Minneapolis Public Schools, including allegations of sexual abuse by students and other teachers, after the district refused to pay $1m.
The cyber attack on the Crown Princess Mary Cancer Centre has been identified as a “high threat” by CyberCX, a cybersecurity firm. The group, which is likely to be small and experienced, poses a major risk to organisations in the Pacific, according to analysts.
On Thursday, the group listed the cancer centre on its dedicated leak site, with a countdown timer of around seven days remaining. Screenshots of the dedicated leak site, which the hackers called the Medusa blog, were circulated on Twitter and picked up by cyber threat analyst Brett Callow
