The information reportedly includes employees’ salaries, disciplinary hearings, and others.
Prominent hospital group Mediclinic is investigating a cyberattack that exposed the personal information of its employees.
The information reportedly includes employees’ salaries, disciplinary hearings, and others.
Mediclinic currently operates 50 hospitals, 15 day clinics, five sub-acute and six mental health facilities throughout South Africa, as well as three private hospitals in Namibia, with more than 8 945 beds.
Mediclinic Investigates
The private hospital group confirmed to The Citizen that its third-party IT service provider experienced a cybersecurity incident.
“Upon learning of this incident, Mediclinic engaged the third-party IT service provider, who reported that it immediately took steps to ensure the containment of the incident, including immediately isolating the affected system, resetting access credentials, and working with external specialists in an incident response investigation.”
After following certain procedures, it was determined that the data impacted is limited to employment-related data. The hospital has taken appropriate steps to contact those whose data they believe may have been impacted by the incident, in accordance with data protection guidelines.
ALSO READ: Cybersecurity breach costs Astral R20 million in profit
No patient data stolen at Mediclinic
Mediclinic stated that it is confident no patient data has been compromised, and it did not experience any disruption to its business operations.
“Since the incident, we have and continue to implement further measures to enhance security safeguards in relation to our third-party vendors.
“Mediclinic reported the incident to the appropriate regulators in each of our operating markets, and we continue to cooperate with the relevant authorities as needed.”
Other cyberattacks
MyBroadband reported that the group responsible for the cyberattack is Everest Group.
The group has launched cyberattacks in the Middle East, Africa, Europe, and North America.
It reportedly launched a cyberattack against Coca-Cola, during which it stole records associated with hundreds of employees, including their personally identifiable information (PII), such as names and addresses, salary records, and scans of passports and visas.
NOW READ: AI job takeover begins: Mediclinic replaces admin staff to save R2 billion
