Macquarie Health Corporation suffers cyber attack, hackers post data on dark web

Hackers recently bragged about stealing and leaking highly sensitive documents on the dark web that contained private patient information stolen from a Sydney health care company.

Macquarie Health Corporation confirmed Monday that many of its systems remain offline after the private company was attacked by cyber criminals. Macquarie Health operates more than a dozen private hospitals, including the Manly Waters Private Hospital in Sydney.

Medical and legal documents containing highly personal information were posted to the dark web after the hack.

A multi-page sample of the documents is known to detail the medical history, name and date of birth of a New South Wales woman.

Macquarie Health Corporation, which operates 12 private hospitals in Sydney and Melbourne, first disclosed the hack last Thursday and issued an update on Monday.

Macquarie Health Corporation (MHC) is still experiencing significant impacts related to the cyber incident.

Thank you to our staff for their hard work continuing to deliver patient-centred care with many of our systems remaining off-line.

We apologise for any inconvenience this disruption may cause and thank our staff, patients, and clinicians for their patience during this situation.

In a post on a dark web site, the hackers claimed they stole personal data from more than 6,700 people.

"Patients' medical data …… financial documents, bank balances, tax deductions." The hackers claim to have obtained a long list of documents.

The criminals also claim to have gained access to "over 1000" passwords, including those for services such as PayPal, Amazon and Facebook.

In addition to personal data, the hackers claim to have stolen more than 119,000 internal files from the company, totaling 225 GB in size.

A spokeswoman for New South Wales Police said they were unaware of the incident and were prepared to investigate.