Ransomware Attacks Disrupt Hospitals From Los Angeles to Romania and the NHS
Ransomware attacks have repeatedly crippled hospital operations, forcing providers to divert care, lose access to critical systems, and in some cases pay attackers to recover. At Hollywood Presbyterian Medical Center in Los Angeles, malware encrypted files and disrupted the hospital's computer network, prompting executives to pay about $17,000 in bitcoin after attackers reportedly reduced an initial demand of $3.4 million. The outage interfered with administrative functions and highlighted how cyberattacks on healthcare can create direct patient-safety risks.
The threat later scaled across national healthcare systems. The WannaCry outbreak spread to nearly 100 countries and severely impacted the UK's NHS, knocking hospitals and clinics offline and disrupting appointments and treatment. In Romania, a ransomware attack on a healthcare IT platform left multiple hospitals offline, underscoring how attacks on shared digital infrastructure can cascade across many facilities at once and paralyze care delivery well beyond a single organization.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Ransomware attack knocks Romanian hospitals offline
Hospitals across Romania were taken offline following a ransomware attack on an IT platform used in the healthcare sector.
WannaCry ransomware outbreak hits organizations in nearly 100 countries
A massive global ransomware campaign spread across nearly 100 countries, including major disruption to the UK's NHS and other organizations worldwide.
Locky ransomware campaign targets hospitals
A large Locky ransomware campaign was reported as targeting hospitals, marking a broader wave of healthcare-focused ransomware activity months after the Hollywood Presbyterian incident. The campaign represented a distinct threat development affecting the healthcare sector.
Hollywood Presbyterian restores systems after paying ransom
The hospital paid about $17,000 in bitcoin to the attackers after an initially much higher demand was reported, and full service was restored. CEO Allen Stefanek said paying was the quickest way to regain access to encrypted files and resume administrative functions.
Hollywood Presbyterian detects ransomware attack
Hollywood Presbyterian Medical Center in Los Angeles began experiencing computer problems from a ransomware attack that disabled its network and disrupted hospital operations.
Sources
3 references tracked. Mallory keeps watching after this page renders.
'Massive' Locky ransomware campaign targets hospitals | ZDNET
zdnet.com
Open sourceRansomware attacks on Hospitals put Patients at Risk
thehackernews.com
Open sourceL.A. hospital CEO says he paid $17K ransom to hackers
usatoday.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Ransomware and Data Breaches Disrupt Healthcare Providers in Australia and Romania
Medibank said attackers accessed personal data belonging to all of its customers and some authorized representatives, affecting about **9.7 million** current and former customers. The Australian health insurer said the compromised information included identifying details and health claims data for roughly **480,000** customers, and warned that all accessed data may have been stolen. Medibank later said it would **not pay the ransom**, citing expert advice that payment would not ensure the return of data or prevent its publication, while Australian officials backed the decision and warned that ransom payments fuel further extortion. In Romania, hospitals were forced offline after a ransomware attack hit a healthcare IT platform used by multiple medical facilities, disrupting operations across the country. Reporting indicated the crisis was linked to a **third-party incident**, underscoring how attacks on shared service providers can cascade across healthcare organizations. Together, the incidents highlight how cybercriminals are targeting healthcare entities through both direct intrusions and attacks on critical external platforms, exposing sensitive patient data and interrupting care delivery.
May 25, 2026
Ransomware Disrupts McLaren and Ascension, With Ascension Breach Hitting 5.6 Million
McLaren Health Care confirmed it was hit by a ransomware attack that disrupted clinical and business operations across its Michigan network, forcing the organization to rely on downtime procedures and warning that recovery would extend into September. Follow-up reporting said McLaren was still restoring systems weeks later and had not yet determined whether patient or employee data had been accessed or stolen, leaving the scope of any data compromise unclear as the health system worked to bring affected services back online. Ascension, one of the largest U.S. health systems, also suffered a major cyberattack that caused widespread outages, diverted ambulances, and disrupted electronic health records, phone systems, and other care operations; reporting at the time linked the incident to suspected **Black Basta** ransomware activity. Later disclosures said the attack resulted in a data breach affecting **5.6 million people**, exposing personal, insurance, medical, and payment-related information and underscoring how ransomware incidents in healthcare can escalate from operational disruption to large-scale compromise of sensitive patient data.
May 25, 2026
Ransomware Attack Disrupts University of Mississippi Medical Center and Triggers Privacy Scrutiny
A ransomware attack forced the University of Mississippi Medical Center to take major systems offline, disrupting its phone network, broader IT environment, and Epic electronic health record platform. UMMC closed all 35 clinics across Mississippi, canceled appointments including chemotherapy and elective procedures, and shifted staff to paper documentation while keeping hospitals and emergency departments open. The medical center said it was working with the FBI, outside cybersecurity specialists, and vendors to investigate the intrusion and restore operations. UMMC later reopened clinics as systems were gradually brought back online, but the fallout extended beyond the immediate outage. Subsequent reporting said the incident may have exposed the organization to potential federal privacy-law issues, raising questions about whether protected health information was adequately safeguarded during the attack. The case highlights how ransomware against healthcare providers can quickly disrupt patient care, delay treatment, and create regulatory risk alongside operational recovery.
May 25, 2026