On May 26, 2025, a message appeared on the darknet from a hacking group called Everest Group, claiming responsibility for the hack of private international healthcare giant Mediclinic. The company, which operates healthcare facilities in South Africa, Namibia, Switzerland, and the United Arab Emirates, lost the personal data of approximately 1,000 employees, as well as 4 GB of internal documents.
The attackers gave the company five days to respond and negotiate a ransom, a typical strategy for groups using ransomware. The stolen information may include documents describing the company’s internal processes, which puts staff safety at risk and potentially opens the door to further attacks.
Everest Group has been active since mid-2021, likely affiliated with the Russian-based BlackByte group. They have a track record of major attacks, including against Coca-Cola (2025) and AT\&T (2022). According to the Ransomlooker tracker, the group is already responsible for 248 attacks. What is particularly dangerous is that in the case of Mediclinic, we are talking about a medical institution, where a data leak can not only damage the reputation, but also pose a threat to the safety of patients and medical staff.
The attack on Mediclinic demonstrates the growing danger of ransomware in critical sectors such as healthcare. Companies should not only invest in cyber protection, but also be prepared for incidents with response plans and transparent communication. Otherwise, the consequences can be not only financial, but also relate to reputation and legal aspects.
