Hundreds of Patients Affected by Data Leak
A serious cyberattack leaked the private details of hundreds of patients on the dark web. The patients had visited a well-known heart specialist in Melbourne who works at two major hospitals, Epworth and Royal Melbourne, and also runs a private clinic.
The stolen information includes very sensitive health records, names, contact details, and Medicare numbers. All of this private data has now been found on the dark web — a hidden part of the internet where cybercriminals often sell or share stolen information.
The cyberattack happened after the doctor’s private clinic systems were hacked. The attacker asked for a ransom, but the doctor did not pay. It’s not clear how much money was demanded. The doctor informed patients through an email on June 9, letting them know that someone had broken into his systems and stolen their data. He warned them to watch out for scam emails, phone calls, or texts that might use the stolen information.
Ten days later, on June 19, the doctor sent another email. This time, he said cyber experts had confirmed that someone had uploaded the stolen data to the internet. Most of the affected patients had visited the doctor’s private rooms connected to Epworth Hospital, Melbourne’s largest private not-for-profit hospital. A smaller number had come through referrals from the Royal Melbourne Hospital.
One of the patients said the data leak shocked and disappointed him. He trusted hospital systems to keep his information safe and didn’t expect a specialist linked to major hospitals to let his private details get exposed.
Hospitals Say Their Systems Are Safe
After the data leak, the hackers said they had broken into Epworth’s computer systems. But Epworth Hospital checked quickly and found no signs of a hack. A hospital spokeswoman said their own systems were not involved. The problem came from a third-party health provider. This provider was not connected to Epworth’s IT systems. She also said all hospital services are safe and working normally.
Royal Melbourne Hospital also conducted its own checks. Their team confirmed that their systems were not affected either.
The Australian privacy watchdog, the Office of the Australian Information Commissioner, has been notified about this breach. This office tracks all major data leaks in the country and works to protect people’s personal information.
From July to December last year, healthcare services reported more data breaches than any other sector. There were 121 reported breaches in that short period, which is a jump from 79 the year before. Right now, about 20 percent of all data breach reports come from health services. After that, the government makes up 17 percent, and the financial sector 9 percent.
A spokesperson for the Commissioner’s office said that companies that collect or store personal information have a huge responsibility to protect it. This is especially important for hospitals and medical professionals who handle very private details about people’s health.
Small Clinics More at Risk Than Big Hospitals
Cybersecurity experts say that many hackers are now going after smaller health clinics and specialist doctors rather than large hospitals. That’s because these smaller places usually don’t have strong security systems.
One expert from Australia’s largest cybersecurity company explained that while big hospitals seem like obvious targets, hackers prefer to go after the “soft underbelly” of healthcare — meaning the many smaller clinics, general practitioners, and specialist doctors scattered around the country. These clinics manage very private and important information, but they often hire outside companies to manage their IT systems, making them easier for hackers to attack.
A professor from RMIT University also agreed. He said that health contractors, like specialist doctors, are usually smaller businesses, so they become easy targets for hackers who want access to private data.
A doctor from regional Victoria said his clinic paid a $25,000 ransom in 2022. Hackers took control of all patient files. For four days, the medical staff could not open any records. Patients came in for appointments. But the doctors didn’t know who they were or what treatment they needed. The doctor said it was very stressful. He added that they had tried hard to keep the data safe, but it was not enough.