


























The ThreeAM ransomware operation said it hacked the healthcare standards body – but it only has data belonging to a Victorian medical centre.
The Australian Medical Council has said it was not the victim of a ransomware attack after it was listed as a victim on the darknet site of the ThreeAM hacking group.
The AMC was one of a dozen victims listed on the site on June 12.
However, the hackers – and several open source threat feeds that took the hackers at their word – appear to have either mistaken the data in their possession or deliberately hyped its importance.
“The AMC is aware of the claims made by ThreeAM that they have published data obtained from the AMC. The AMC has reviewed the data and are confident that this is not AMC data and that there has been no data leakage from the AMC,” an AMC spokesperson told Cyber Daily.
“The AMC has no role in the delivery of health services and does not hold any patient data.”
Nonetheless, the AMC said it has reported its findings to the Australian Cyber Security Centre.
ThreeAM has already published the entire data set, and multiple documents feature the letterhead of the Aghapy Medical Centre in Victoria, as well as several personal files belonging to one of its general practitioners. The documents include details of business processes, blank forms, and general correspondence, as well as patient complaints and the transfer of patient records.
No patient records appear to be included in the data.
Cyber Daily has been in touch with the Aghapy Medical Centre, which has declined to comment on the incident.
Who is ThreeAM?
According to researchers, ThreeAM is part of a nebulous group of ransomware actors with suspected ties to the LockBit operation.
Analysts at cyber security firm Fortra believe ThreeAM is made up of Russian speakers, and the group may also have ties to the BlackSuit ransomware group.
ThreeAM typically operates using double-extortion techniques, both stealing and threatening to publish data, and also encrypting it in place until a victim pays up.
“All your files are mysteriously encrypted, and the systems ‘show no signs of life’, the backups disappeared,” the group says in its ransom note.
“But we can correct this very quickly and return all your files and operation of the systems to original state.”
The group was first observed in September 2023 and has claimed 85 victims since then. The group’s last Australian victim was ANU Enterprise, which confirmed it was the victim of a ransomware attack in November 2024.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.