9th February 2026 Cyber Update: Fake Ransomware Group Targets Epworth HealthCare in Data Extortion Bluff
Victoria's largest not-for-profit private hospital group, Epworth HealthCare, has been targeted by a fake ransomware group known as 0APT. The group claims to have stolen 920GB of patient data, but evidence suggests it is a bluff designed to extort money through psychological warfare.
Cyber News Centre's cyber update for 9th February 2026: Epworth HealthCare has been targeted by a new ransomware group, but the attack appears to be an elaborate bluff.
Epworth HealthCare, Victoria's largest not-for-profit private hospital group, has found itself at the centre of a data extortion campaign by a newly emerged ransomware group calling itself 0APT.
The Update and Why It Matters
Update: The 0APT ransomware group, which surfaced in late January 2026, has listed Epworth HealthCare on its darknet leak site, claiming to have exfiltrated 920GB of sensitive clinical information, including surgical records and patient billing details.
The group threatened to publish the data on February 6th if a ransom was not paid. However, Epworth HealthCare has stated that after a thorough investigation supported by independent cybersecurity specialists, there is "no verified evidence of any impact to our systems or data".
Security researchers have independently concluded that 0APT is likely a "fake" ransomware operation. Analysis of the group's activities reveals they post a high volume of victims without credible proof of compromise, and their data leak files have been found to be empty shells or infinite streams of random data, a tactic designed to create the illusion of a legitimate breach. The group appears to be leveraging psychological pressure and the fear of reputational damage to extort victims, rather than possessing any actual stolen data. This incident follows a pattern of behaviour from 0APT, which has been widely discredited by the cybersecurity community for its unsubstantiated claims against numerous high-profile organisations globally.
Why it Matters: The rise of "scam" ransomware groups like 0APT represents a significant evolution in the cyber extortion landscape. These actors bypass the technical complexity of actual network intrusion and data theft, focusing instead on manufacturing a public relations crisis to pressure victims into paying.
For organisations, particularly in critical sectors like healthcare, this tactic poses a new and dangerous threat. It forces organisations to expend significant resources to disprove false claims and manage public fear, even when no data has been compromised.
The 0APT campaign against Epworth HealthCare serves as a critical reminder that not all ransomware threats are technically equal. It underscores the importance of robust incident response protocols that include swift, transparent communication and independent verification of claims before any consideration of payment. This incident highlights the need for a healthy dose of scepticism and thorough due diligence in the face of increasingly theatrical and deceptive extortion tactics.
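As an added example (not from the article or from the researchers it cites), the check below triages the head of a file offered as proof of a breach, flagging the empty-shell and random-data patterns described above. The signature table, the 7.9 bits-per-byte threshold and the labels are assumptions chosen for illustration; high entropy alone does not separate filler from an encrypted archive, so the result is a prompt for analyst review, not a verdict.

```python
import hashlib
import math
from collections import Counter

# Constructed, non-exhaustive table of common container signatures.
MAGIC = {
    b"PK\x03\x04": "zip",
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"Rar!\x1a\x07": "rar",
    b"\x1f\x8b": "gzip",
}
HEAD_LIMIT = 1 << 20  # never read more than 1 MiB; a "leak" may be an endless stream


def read_head(path, limit=HEAD_LIMIT):
    """Read a bounded prefix so an infinite stream cannot stall the triage."""
    with open(path, "rb") as fh:
        return fh.read(limit)


def shannon_entropy(data):
    """Bits per byte: 0.0 for constant data, close to 8.0 for random data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def triage_sample(data):
    """Label a prefix of a purported leak file (labels are hypothetical)."""
    if not data:
        return "empty"
    if len(set(data)) == 1:
        return "constant-fill"
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return "container:" + name  # has structure: hand to an analyst
    if shannon_entropy(data) > 7.9:
        return "random-like"  # no known header and near-maximal entropy
    return "needs-review"


def constructed_stream(size):
    """Constructed stand-in for a random filler file (SHA-256 in counter mode)."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(size // 32 + 1))
    return (b"\xaa" + b"".join(blocks))[:size]
```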