Get all your news in one place.
100’s of premium titles.
One app.
Start reading
ABC News
ABC News
Health
national technology reporter Danny Tran

Crown Princess Mary Cancer Centre in Westmead Hospital in cyber attack, hackers threatening to release stolen data

The Crown Princess Mary Cancer Centre is part of the Westmead Hospital in the western Sydney. (AAP: Dean Lewins, file photo)

A major cancer treatment centre in Sydney has been caught up in a cyber attack, with hackers threatening to release stolen data unless hospital administrators pay a ransom.

NSW Health said it was alerted to the threat against the Crown Princess Mary Cancer Centre, which is part of Westmead Hospital, late on Thursday afternoon.

A spokesperson said it did not appear to have impacted NSW Health or the cancer centre's databases.

"NSW Health continues to investigate this issue which does not appear to have impacted any NSW Health databases, nor Crown Princess Mary Cancer Centre databases," they said.

"The safety and security of all NSW Health systems remains of highest importance and is continually monitored and safeguarded."

The group claiming to be behind the attack calls itself Medusa and has been actively targeting organisations in Australia and New Zealand since the start of January 2023.

The hackers have become known for using ransomware to steal data from their victims before encrypting it and then threatening to publish it unless a bounty is paid.

In March this year the same group posted gigabytes of what it claimed to be highly sensitive information stolen from Minneapolis Public Schools, including allegations of sexual abuse by students and other teachers, after the district refused to pay $US1 million, according to multiple US news outlets.

On Thursday the group listed the Crown Princess Mary Cancer Centre, which is 26 kilometres west of Sydney, on its dedicated leak site below a countdown time with about seven days remaining.

Screenshots of the dedicated leak site, which the hackers called Medusa blog, were circulated on Twitter and were picked up by cyber threat analyst Brett Callow.

CyberCX, a cyber security company, said that Medusa posed a "high threat" and earlier this year was the second-most active cyber extortion group in the Pacific.

Analysts say the group is likely to be small and experienced.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.