U.S. Healthcare Firm Embroiled in Malta Corruption Scandal Spent Millions on Private Spies

U.S. healthcare operator Steward paid over $7 million to U.K.-based intelligence firms that conducted surveillance and disinformation operations against its critics — and even a Steward employee. The fees were billed to Steward’s Maltese division, which was largely funded with taxpayer money.

Key Findings

  • When Steward clashed with the Maltese health minister over the terms of its agreement to manage hospitals in the Mediterranean nation, it hired a London-based private intelligence firm to target the main “opponent” of its concession. That firm, CT Group, created a report alleging the minister had taken a large bribe, which was then circulated to journalists.
  • Steward executives corresponded regularly with another U.K. private intelligence firm, Audere, about “false flag” operations against a critic who ran a financial research company that issued a negative report about Steward. That critic was later spied on in his home and followed, according to surveillance reports in the possession of Audere obtained by OCCRP.
  • Audere also collected embarrassing personal information and photographs of a former Steward employee after Steward feared he would leak financial information to its auditor.
  • The costs of this intelligence work were paid by Steward’s Malta subsidiary, which was largely funded by Maltese taxpayers.
  • Steward executives prioritized paying these intelligence firms, who sometimes charged the company as much as $170,000 in a month, even as bills for critical medical services in its U.S. hospitals went unpaid.

А U.S. healthcare firm at the center of Malta’s biggest-ever corruption scandal authorized “spare-no-expenses” private intelligence operations, including one that targeted Malta’s former health minister with what appears to be a fake compromising bank statement, leaked corporate records show.

Dallas-headquartered Steward Health Care was awarded a 2.1-billion-euro ($2.5-billion) Maltese government contract in 2018 to renovate and manage three public hospitals. But when allegations of fraud and corruption threatened its cash-strapped business, Steward hired private spies at two London-based intelligence firms to deal with its opponents, the records show.

Practices undertaken by these firms included leaking fabricated bank records, accessing sensitive phone data, and planting fake media stories about corruption by Maltese officials. In one case, corporate spies secretly filmed an opponent inside his own home and followed him when he dropped his child off at school.

The operations racked up bills of more than $7 million over more than six years and were coordinated by senior Steward executives who corresponded regularly with private spies, according to emails, encrypted messages, and financial records.

In a leaked audio message from 2022, Steward’s general counsel described the stakes of the intelligence work as “truly existential” and called the related fees “must-pays,” even as bills for lab supplies, doctors’ fees, and other critical healthcare services went unpaid.

External content from YouTube

This content is provided by a third-party. By playing this content, you consent to cookies being set and personal data processed by the third-party provider.

Steward did not respond to repeated requests for comment from OCCRP about the covert operations, but has previously denied wrongdoing in relation to the hospital deal.

A Maltese court annulled Steward’s hospital concession last year, citing an audit that found “collusion between Steward and senior government officials or its agencies” and called the deal “fraudulent.” Payments related to the deal were also probed in a four-year criminal inquiry by Maltese magistrates.

The inquiry led to charges of corruption and money laundering against Malta’s former Prime Minister Joseph Muscat, who was arraigned in court in May alongside more than two dozen others connected to the hospital deal. All have pleaded not guilty.

A legal representative for the company’s Maltese subsidiary was charged with corrupting public officials. Steward itself has not been charged, though the inquiry recommended that its CEO and the CEO of its international division should be.

While details of the hospital scandal have rocked Malta to its core, Steward’s efforts to silence its critics have remained unreported until now.

The company averaged payments of hundreds of thousands of dollars each month to London-based intelligence firms Audere International and CT Group, and then charged the fees back to its Malta division, which was largely funded by Maltese taxpayers under the hospital deal.

Lawyers for Audere denied that their client had engaged in unlawful conduct, but declined to respond to detailed allegations and questions, citing confidentiality. They said Audere “takes its legal and regulatory compliance obligations seriously and acts in accordance with the same.”

CT Group said it is “committed to and complies with all laws and regulations in all jurisdictions in which it works.” It added, “Your email contains serious false allegations,” although it did not dispute specific allegations or respond directly to reporters’ questions.

St. Luke's Hospital
Credit: OCCRP/The Daphne Caruana Galizia Foundation St. Luke's Hospital in Malta in January 2023. Steward began managing the hospital in 2018.

Pursuing Steward’s “Main Opponent” in Malta

With a security detail, bomb-proof car, and corporate jets, Ralph de la Torre travels through the world like a Russian oligarch.

The former cardiac surgeon, who now heads Steward Health Care, spent years telling investors of his company’s huge profits while promising patients the highest levels of hospital care.

But behind the scenes, de la Torre was instructing his executives to pursue some people who challenged that narrative.

A key target of Steward’s intelligence operations was Chris Fearne, Malta’s health minister from 2016 until earlier this year. He was also the country’s deputy prime minister until resigning in May, when charges of fraud and misappropriation were filed against him in connection with the hospital deal. (Fearne has pleaded not guilty.)

Steward blamed Fearne when payments to the healthcare firm were held up after disputes over whether Steward was providing all the medical services it had been contracted to deliver under the government contract.

“I am truly getting exasperated,” Armin Ernst, CEO of Steward’s international division, wrote to Fearne in 2018. “It is not possible to run the operations of an organization when … revenue transfer from [Malta’s government] become [sic] a matter of guess work of what, when and how much will be received.”

By 2021, senior Steward staff, frustrated by what they termed ‘by the book” adherence to the contract, contemplated suing Fearne and Malta’s government in the U.S., where they planned to allege extortion and solicitation of bribes, a leaked email shows.

“This is NOT an idle threat,” wrote Steward senior executive Mark Rich in an email to its Maltese lawyers in May 2021. “We are literally prepared to drop a case in US Federal Court naming Fearne and others as bad players … just launching the case will put [Malta’s government] in the penalty box.”

No lawsuit followed, but Steward acted decisively in another way — with an operation codenamed “Project Albacore.”

Project Albacore

This project targeting former Maltese Health Minister Chris Fearne was spearheaded by Steward and brought in two private intelligence companies.


A document created in May 2022 by CT Group places then-Health Minister Chris Fearne at the center of a bribery scheme.


An email referring to weekly calls for Project Albacore, sent to Steward’s general counsel, Herb Holtz, the heads of private intelligence firms CT Group and Blackmore, and a lawyer from Steward’s law firm, Quinn Emanuel.


An email from the head of Audere asking for communications on Project Albacore to be kept to Signal, a secure messaging platform.


A proposal for a project called “Bluefin” written by CT Group, which suggests targeting Steward’s “main opponent” in the Malta hospital concession through information anonymously deployed to the media.


A fake banking record that purported to show the payment of a bribe.


The first page of a briefing note on Malta’s Golden Passport program, produced by a director of CT Group. The note went on to accuse the health minister of accepting a bribe.

slick.woff slick.ttf

In December 2021, Steward directed its law firm, Quinn Emanuel, to hire CT Group, a London-headquartered intelligence firm whose staff includes the U.K. government’s former counter-terrorism chief.

In July 2022, CT Group sent the law firm a proposal for Steward in which it pledged to “identify, evidentialise, and deploy into the public domain information about the main opponent of the Client’s concession in Malta.” The aim of the campaign was to identify “improper” behavior and leak it anonymously to Maltese media. (Asked to comment on this document and who the “main opponent” of its client was, CT Group did not respond.)

Evidence including emails and invoices show that this “main opponent” was Fearne, the man who oversaw the concession and who became the focus of an intensive intelligence campaign that would generate fees for CT Group of $2.16 million in 2022 alone, records show.

In September that year, a director at CT Group at the time, Will Crawford, produced a two-page briefing note titled “Malta: Abuse of Passport Scheme.” It laid out a case that Fearne had used his position to lobby for the issuance of a Maltese passport to the brother of a longstanding adviser to Vladimir Putin, in exchange for a bribe. The note claimed that a “fixer” for the Russian adviser had paid 3.2 million euros ($3.5 million) to an account held by the daughter of Fearne’s former chief of staff, and that a record of the bank transfer was “attached.”

This document was in the possession of Steward by October 2022, when Ernst, the company’s international CEO, emailed it to a U.K.-based partner at Quinn Emanuel. He also sent a copy of the bank record supposedly showing the 3.2-million-euro payment.

But the record was not authentic. Alex Cobham, chief executive of the U.K.-based NGO Tax Justice Network, reviewed the document for OCCRP and called it a “clumsy and inexpert” fake.

“While the document claims to relate to a transfer made on 22 November 2019, the SWIFT code (specifically, the message input reference) indicates a transfer made on 22 February 2018.”

It’s unclear whether Steward or Quinn Emanuel were aware the bank record was a fake, or how it may have been disseminated.

But six months later, in early 2023, Matthew Caruana Galizia, the director of the Daphne Caruana Galizia Foundation, a Maltese NGO that supports investigative journalism, received a tip from a prominent U.K. journalist, who sent him an image of the supposed bank transfer. A second U.K. journalist later approached him to give him the briefing note on Fearne.

“I think one was down to excitement, convinced that it was genuine, and the other was a bad actor, a tabloid journalist turned PR operative, acting maliciously, knowing full well that the document was forged but really using every trick in the book to manipulate us into publishing it,” Caruana Galizia recalled.

Caruana Galizia looked into the bank record, but became concerned after he contacted the Austrian bank named in it and was told the document was forged. He contacted the person who had purportedly transferred the money, who also said it was a fake.

Instead of an expose on Fearne, Caruana Galizia published a blog post debunking the claims and calling attention to the attempted disinformation campaign. But the fake record eventually surfaced on websites elsewhere, including in Ukraine, where it was reported as fact and subsequently re-reported in Maltese media.

Carmen Ciantar, Fearne’s former chief of staff whose daughter was named in the fake record, described the experience as “devastating, both professionally and personally.”

“You can imagine the horrible sensation of facing these heinous public lies without knowing who is behind them,” she told OCCRP.

Fearne said the alleged disinformation campaign against him was an “attack on the very integrity and wellbeing of the Maltese State.”

“If confirmed it would not be coincidental that this disgusting act was carried out at a time when I was rigorously insisting on Steward fulfilling their contractual obligations,” he said, adding that when the allegations emerged last year, he had asked Maltese police to investigate the fake documents.

Asked for comment on whether police had indeed investigated the claims against Fearne and Ciantar, a Maltese police spokesperson said: “following police investigations, no evidence was found about the alleged matter that could lead to a criminal prosecution.”

CT Group told OCCRP that allegations it handled fabricated documents were “false” and said it “is confident the intelligence sourced is [sic] this project is genuine and accurate.”

Crawford, who left CT Group last year to set up his own intelligence consultancy, did not respond to questions.

Quinn Emanuel said the firm “has no knowledge of — and certainly played no role in — any of the alleged activities you describe” and declined to comment further, citing attorney-client privilege.

Steward did not respond to a request for comment on the campaign against Fearne.

🔗Other Allegations of Forgery Against CT Group

CT Group might have supplied false bank documents in another case currently making its way through the U.K. court system.

Last year, the company was hired by a U.K. law firm to obtain confidential bank documents which appeared to show how a wealthy Belgian national had misled a court in Jersey over the extent of her fortune amid a family dispute. But when several banks disavowed the files, an English High Court judge said they were probably fakes.

“The evidence of forgery is, as it presently appears, very strong … The Claimant has gone to extreme lengths to obtain documentation from a series of banks all of which disown the transactions in question. These would in themselves be sufficient, contrary to the submissions of CT Group, to satisfy me that there was a good arguable case of forgery,” wrote Charles Hollander KC in a judgment published in December.

Hollander did not formally rule on whether the files were forged, adding “I do not consider that the evidence before the court demonstrates wrongdoing or improper behaviour by CT Group.”

‘The Experience Terrified Her’

As they sat at home watching TV one evening last spring, British businessman Fraser Perring and his partner had no idea they were being secretly filmed.

Perring’s company, Viceroy Research, makes money by “short selling” — betting that the share prices of other companies will go down, and then publishing negative information which further depresses the prices.

Viceroy had just released a bombshell investigation into Steward’s relationship with Medical Properties Trust (MPT), a real estate investment trust that was also its biggest shareholder, alleging Steward had fraudulently overvalued its Colombian assets by around $50 million in a sale to MPT.

Then somebody began watching Perring — closely.

Perring says he started to notice strange disturbances at home: his CCTV system stopped working, and he came home to unexpectedly find his door unlocked and computer open. He filed incident reports with the police, though no further action was taken.

He became concerned that people close to him were being targeted. “They have also followed my child and the experience terrified her,” Perring told OCCRP. To get away, he took his family on holiday to Mexico for two weeks.

Leaked files now confirm that Perring’s suspicions were correct: He was being followed.

Fraser Perring and his partner secretly filmed at home
Credit: Leaked video obtained by OCCRP A still from a surveillance video showing how Fraser Perring (right) and his partner were secretly filmed at home.

A surveillance report obtained by OCCRP reveals that a five-man team of security professionals staked out Perring’s home in rural England over six days in March 2023, shortly after Viceroy published its investigation into Steward. It documented the location of entrances and CCTV cameras at Perring’s property, and revealed that a tracker was placed on his car. For days on end, private spies logged Perring’s every move: a trip to the supermarket, a visit to his local pub, and even journeys to pick his daughter up from school.

The report was authored by Greyprism, a security company founded by former members of the U.K.’s Special Forces. Greyprism’s report doesn’t disclose who its client was, but evidence seen by OCCRP shows that the report was in the possession of Audere, a London-based intelligence firm founded by former British Army officer Charles Blackmore that had been working for Steward for more than five years on assignments connected to the Malta hospital deal.

While reporters have not seen evidence that Steward had possession of the surveillance reports, documents obtained by OCCRP, including communications between the companies, suggest that Steward executives were involved in directing Audere’s work for them, and that Audere employees reported back on their activities to Herb Holtz, Steward’s general counsel, as well as joining regular calls on “Project Albacore,” the operation targeting the Maltese health minister.

Two Audere employees appeared to lead the company’s work for Steward: Audere’s owner, Blackmore and a company director, Monika Rihma, whom Blackmore described in a leaked communication as being “closest” to Holtz.

Lawyers for Audere, Blackmore, and Rihma called the allegations “false” and “seriously defamatory” but declined to dispute specific claims, citing confidentiality.

Audere also handled documents that detailed other confidential personal information about Perring, including his HSBC bank account number and balance, transactions going back over five years — including from his Swiss private banker — and detailed data on his recent phone calls, including which numbers he had called when.

A document detailing the information also recommended “researching” Perring’s banker’s account, which “may prove advantageous in the likelihood it is being deployed as a conduit for VICEROY or other entities.”

It’s unclear how the confidential information was obtained, but Perring told OCCRP that the information was “100 percent accurate” and that he had never kept records of the information or shared his login details.

Perring wasn’t just being watched — he was being smeared. The same week the surveillance operation began, an account called @viceroyleaks appeared on Twitter (since renamed X) and began sharing, insulting posts about Perring and Viceroy’s research. “This account’s sole purpose is to expose #fraud, #scam and #insidertrading of Fraser Perring and Viceroy … YOU WON’T GET AWAY WITH IT!,” the account posted on March 8, 2023.

A viceroyleaks post to X
Credit: Screenshot of an X post shared by @viceroyleaks A viceroyleaks post to X (formerly known as Twitter).

Leaked correspondence shows that Audere had control over the Twitter account and produced its content, which Blackmore personally reviewed. In one case, Blackmore said he had sent a proposed Twitter post to “HH” for review, an apparent reference to Herb Holtz.

In an internal discussion from July 2023, Blackmore described to his staff how a client he referred to as “Herb” was demanding that Audere conduct more “offensive false flag” operations against Perring, even though the firm felt it had done enough. “This guy is really under pressure,” Blackmore said, referring to a previous operation against Perring. “He is so offensively false flagged that he’s fucked,” he said at another point.

“For clarification, what is Herb expecting?” another employee asked.

“He is expecting us to say, ‘Ok, we’ve initiated the offensive false flag which we’ve said we’re going to do, which is essentially fingering him and Viceroy… Anyway, I’m still trying to hold off because I think we’ve got enough pressure on FP at the moment. But the client is paying the bills.”

Holtz did not respond to a request for comment, and Steward did not respond directly to questions on the intelligence work. However, in a comment to the Boston Globe, Steward said, “While general counsel and as a private lawyer since then, Holtz has neither recommended nor sanctioned any illegal or unethical activity.”

Perring later reported the @viceroyleaks account to police, who recorded a crime of malicious communications.

However, experts say a lack of regulation in the U.K. enables private intelligence firms to avoid scrutiny of their tactics, even as intelligence-gathering techniques traditionally used by state agencies are increasingly available on the private market.

“Private investigators are not currently subject to any specialist regulation,” Paul Dowling, a partner at U.K.-based law firm Leigh Day, told OCCRP.

Ilia Siatitsa, a program director and senior legal officer at the U.K.-based NGO Privacy International, said the U.K. has become a global hub of such companies.

“They operate without meaningful scrutiny or safeguards aimed at preventing abuse, and nothing is being done to reign them in,” he said.

A lawyer for Greyprism said its client “acts in accordance with the law” and “would not, and has not, acted in the manner alleged and in breach of its legal obligations.” Citing confidentiality, data protection, and legal privilege, the lawyer said Greyprism could not discuss specific cases, but said the company “does not conduct unlawful physical or technical surveillance.”

Investigating The Enemy Within

Audere was even enlisted to find dirt on Steward’s own staff.

A report dated April 2023 obtained by OCCRP included compromising personal information extracted from the company device of a former senior employee Steward worried might leak information to its auditor. The report’s author was a director at Audere, its metadata reveals.

Identifying the employee by the code name “Pudding,” the report alleged that he had solicited a sex worker — a possible criminal offense, it noted. It also extracted messages from “Pudding’s” company devices in which he shared private medical information with a doctor’s office and discussed a surgical procedure he sought to have performed. “Efforts to recover and analyse additional information from the extracted device image are ongoing and further results will be briefed separately as soon as they come in,” the report said.”

Separate leaked correspondence from earlier that year shows how Blackmore sought to obtain an embarrassing photograph of the employee — whom OCCRP has chosen not to name due to the personal nature of the information Audere compiled about him — from a company device.

A plan was also discussed for Audere to gather more information by speaking to the sex worker, and arranging for a female “agent” to approach the employee by pretending she was interested in leadership coaching. In correspondence, Blackmore said he would put this plan to “Herb.”

Steward’s probe of the employee appears to have been prompted by concerns he might leak damaging information about a possible several-hundred-million-dollar hole in the company’s budget to Crowe, an external auditor for a real estate deal Steward was involved in. In a February 2023 email, Mark Rich, the Steward executive, said the company must “have the gameplan ready TO GO, the VERY second a leak occurs. I don’t want any daylight between the leak and our action.”

By August 2023, “Pudding” had been placed as a target on an Audere chart that also included Crowe and Viceroy Research.

A whiteboard diagram put together by Audere International
Credit: OCCRP A whiteboard diagram put together by Audere International showing “Pudding” (circled) as a target, along with Viceroy, the research company whose head had also been targeted, and Crowe, an external auditor on a Steward property deal.

While gathering information about competitors and critics is not uncommon in the corporate world, experts said the tactics used against Perring and “Pudding” went beyond what is ethically permissible in business intelligence.

“In these cases, you have a lot of people who say, ‘I want to hire somebody who is going to get [the critic] and make their life miserable,’” security expert Ira Winkler, the chief information security officer for CYE Security and author of several books on corporate espionage, told OCCRP’s partner, the Boston Globe.

But he added, “Following people, surveilling someone, that’s beyond the lines,” Winkler said. “It could be considered harassment. But even if legal, it’s weird for a hospital system to be spending resources on this.”

“Former and current employers should not leverage their access to data to obtain compromising or sensitive material about the personal lives of employees that could be misused for ulterior motives,” Mary Inman, a lawyer and whistleblower expert with the law firm Whistleblower Partners LLP, told OCCRP.

Through lawyers, Audere said it takes “legal and regulatory compliance obligations seriously and acts in accordance with same.” It said any suggestion that its employees had been involved in unlawful conduct was false.

Paying Bills From Malta — or Not at All

Leaked financial records show how Steward charged private spy costs to its Malta subsidiary, Steward Malta Management Limited, whose primary source of income was Maltese government money from the hospital contract.

CT Group was paid by Steward Malta Management from the start: Soon after it began investigating the Maltese health minister, Fearne in early 2022, the U.K. spy firm billed 207,000 British pounds ($254,000) to the Maltese subsidiary, an invoice obtained by OCCRP shows.

Audere was paid via Steward’s U.S. headquarters, which would then be reimbursed for these costs by Steward Malta Management, financial records show.

Emails and financial documents show how Steward paid its intelligence bills from its Maltese subsidiary — and prioritized them heavily.


An instruction to CT Group to send its bills to Steward’s Malta subsidiary.


A January 2023 invoice from CT Group to Steward for intelligence work.


Steward paid Audere’s invoices from the U.S., but they were later reimbursed by the company’s Malta subsidiary.


An email from Steward’s director of legal operations asks for an invoice from Audere to be paid immediately. Another Steward official says Audere bills are “time-sensitive,” on orders from “RDLT,” the initials of Steward CEO Ralph de la Torre.

slick.woff slick.ttf

The records also showed how bills from CT Group and Audere totalling $2.9 million for 2022 had been “allocated to Steward International (via Malta).” A further $1 million “place holder” was budgeted “via Malta” for upcoming work in 2023.

Even as Steward battled to protect its reputation in public, the company was struggling behind the scenes. (It finally declared bankruptcy in May this year.) Bills from unpaid vendors piled up, with an internal email in June 2020 noting that the firm had failed to pay over $2 million in critical costs, including doctors’ fees, wound-care services, ostomy supplies, and pest control.

But one thing remained a priority: paying the intelligence-gathering bills.

“We are relying on [them] for truly existential work,” said Holtz in a January 2022 voicemail to the company’s finance staff. “We really do need to keep them high on our list of must-pays.”

In April 2020, a senior executive at Steward pushed to have an Audere bill for $143,945 paid immediately — “before their close of business in 45 minutes.” That same month, the company had stopped paying the elevator service and repair fees for one of its U.S. hospitals, Good Samaritan Medical Center in Massachusetts.

Four months later, the hospital’s elevator service was suspended.

“They are looking for payment for these five open invoices before they will reinstate our service,” wrote a Steward employee. The total amount owed was $4,692.

Jacob Borg (Times of Malta), Matthew Caruana Galizia (Daphne Caruana Galizia Foundation), and Hanna Krueger (Boston Globe) contributed reporting.

Correction: This story has been updated to more accurately reflect the nature of Crowe’s work for Steward, and to correct the name of the law firm Mary Inman works for.

Data expertise was provided by OCCRP's Data Team. Fact-checking was provided by the OCCRP Fact-Checking Desk.

Related stories

Recent stories

Subscribe to our weekly newsletter!

And get our latest investigations on organized crime and corruption delivered straight to your inbox.