Ransomware Gang Targets $5B Hospital Group Mediclinic, Threatens Data Leak A ransomware cartel, identified as the Everest Group, has claimed responsibility for breaching Mediclinic, a multinational private hospital operator with facilities in South Africa, Namibia, Switzerland, and the UAE. Founded in 1983, the company generates $5.4 billion in annual revenue and handles highly sensitive medical and operational data. According to a dark web post on May 26, the attackers exfiltrated 4GB of internal and confidential documents, including the personal data of 1,000 employees. The breach also exposed an Elasticsearch cluster containing over 160 indices, with billions of records primarily Chinese citizen IDs and business data though the full scope remains unclear. The gang has given Mediclinic five days to negotiate before releasing the stolen data, a tactic commonly used to pressure victims into paying ransoms. Researchers warn that the compromised data could enable identity theft, fraud, and targeted phishing attacks, with threat actors potentially impersonating medical staff to extract further information. The breach also risks legal repercussions and infrastructure vulnerabilities for Mediclinic, as internal documents may reveal operational weaknesses. The Everest Group, allegedly linked to the Russia-affiliated BlackByte cartel, has been active since mid-2021 and has listed 248 victims since 2023, including a previous attack on Moltbook in October 2022. Mediclinic has not yet responded to requests for comment.