9th February 2026 Cyber Update: Fake Ransomware Group Targets Epworth HealthCare in Data Extortion Bluff

Cyber News Centre's cyber update for 9th February 2026: Epworth HealthCare has been targeted by a new ransomware group, but the attack appears to be an elaborate bluff.

Epworth HealthCare, Victoria's largest not-for-profit private hospital group, has found itself at the centre of a data extortion campaign by a newly emerged ransomware group calling itself 0APT.

The Update and Why It Matters

Update: The 0APT ransomware group, which surfaced in late January 2026, has listed Epworth HealthCare on its darknet leak site, claiming to have exfiltrated 920GB of sensitive clinical information, including surgical records and patient billing details.

The group threatened to publish the data on February 6th if a ransom was not paid. However, Epworth HealthCare has stated that after a thorough investigation supported by independent cybersecurity specialists, there is "no verified evidence of any impact to our systems or data".

Security researchers have independently concluded that 0APT is likely a "fake" ransomware operation. Analysis of the group's activities reveals they post a high volume of victims without credible proof of compromise, and their data leak files have been found to be empty shells or infinite streams of random data, a tactic designed to create the illusion of a legitimate breach. The group appears to be leveraging psychological pressure and the fear of reputational damage to extort victims, rather than possessing any actual stolen data. This incident follows a pattern of behaviour from 0APT, which has been widely discredited by the cybersecurity community for its unsubstantiated claims against numerous high-profile organisations globally.

Why it Matters: The rise of "scam" ransomware groups like 0APT represents a significant evolution in the cyber extortion landscape. These actors bypass the technical complexity of actual network intrusion and data theft, focusing instead on manufacturing a public relations crisis to pressure victims into paying.

For organisations, particularly in critical sectors like healthcare, this tactic poses a new and dangerous threat. It forces organisations to expend significant resources to disprove false claims and manage public fear, even when no data has been compromised.

The 0APT campaign against Epworth HealthCare serves as a critical reminder that not all ransomware threats are technically equal. It underscores the importance of robust incident response protocols that include swift, transparent communication and independent verification of claims before any consideration of payment. This incident highlights the need for a healthy dose of scepticism and thorough due diligence in the face of increasingly theatrical and deceptive extortion tactics.

Get the stories that matter to you.
Subscribe to Cyber News Centre and update your preferences to follow our Daily 4min Cyber Update, Innovative AI Startups, The AI Diplomat series, or the main Cyber News Centre newsletter — featuring in-depth analysis on major cyber incidents, tech breakthroughs, global policy, and AI developments.