Ransomware and Data Breaches Disrupt Healthcare Providers in Australia and Romania
Medibank said attackers accessed personal data belonging to all of its customers and some authorized representatives, affecting about 9.7 million current and former customers. The Australian health insurer said the compromised information included identifying details and health claims data for roughly 480,000 customers, and warned that all accessed data may have been stolen. Medibank later said it would not pay the ransom, citing expert advice that payment would not ensure the return of data or prevent its publication, while Australian officials backed the decision and warned that ransom payments fuel further extortion.
In Romania, hospitals were forced offline after a ransomware attack hit a healthcare IT platform used by multiple medical facilities, disrupting operations across the country. Reporting indicated the crisis was linked to a third-party incident, underscoring how attacks on shared service providers can cascade across healthcare organizations. Together, the incidents highlight how cybercriminals are targeting healthcare entities through both direct intrusions and attacks on critical external platforms, exposing sensitive patient data and interrupting care delivery.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Romanian hospital outages linked to third-party incident
Reporting the following day clarified that the Romanian healthcare disruption was tied to a ransomware incident at a third-party IT provider rather than separate attacks on each hospital. This attribution explained why many hospitals were simultaneously affected.
Ransomware attack on Romanian healthcare IT platform disrupts hospitals
A ransomware attack hit a third-party healthcare IT platform used by hospitals in Romania, causing widespread outages and forcing multiple hospitals offline. The disruption affected access to medical systems and interrupted hospital operations nationwide.
Medibank refuses to pay ransom after breach
Medibank announced it would not pay the ransom demanded by the attackers, citing expert advice that payment would not ensure data deletion or prevent publication. Australian officials publicly backed the decision and warned that ransom payments encourage further attacks.
Medibank confirms all customer personal data was accessed
Medibank said attackers accessed personal data belonging to all of its customers, covering about 9.7 million current and former customers. The company also said health claims data for roughly 480,000 customers was compromised and that all accessed data may have been stolen.
Medibank detects cyberattack and unauthorized access to customer data
Medibank disclosed a cyberattack affecting its systems and later determined that attackers had accessed customer personal information. The incident ultimately affected current and former customers as well as some authorized representatives.
Sources
4 references tracked. Mallory keeps watching after this page renders.
Romania ransomware crisis pinned to third-party incident
theregister.com
Open sourceHospitals offline across Romania following ransomware attack on IT platform | The Record from Recorded Future News
therecord.media
Open sourceMedibank says it will not pay ransom in hack that impacted 9.7 million customers | The Record from Recorded Future News
therecord.media
Open sourceMedibank now says hackers accessed all its customers’ personal data
bleepingcomputer.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Ransomware Attacks Disrupt Hospitals From Los Angeles to Romania and the NHS
Ransomware attacks have repeatedly crippled hospital operations, forcing providers to divert care, lose access to critical systems, and in some cases pay attackers to recover. At Hollywood Presbyterian Medical Center in Los Angeles, malware encrypted files and disrupted the hospital's computer network, prompting executives to pay about **$17,000 in bitcoin** after attackers reportedly reduced an initial demand of **$3.4 million**. The outage interfered with administrative functions and highlighted how cyberattacks on healthcare can create direct patient-safety risks. The threat later scaled across national healthcare systems. The **WannaCry** outbreak spread to nearly 100 countries and severely impacted the UK's **NHS**, knocking hospitals and clinics offline and disrupting appointments and treatment. In Romania, a ransomware attack on a healthcare IT platform left multiple hospitals offline, underscoring how attacks on shared digital infrastructure can cascade across many facilities at once and paralyze care delivery well beyond a single organization.
May 25, 2026
Healthcare Ransomware Attacks Expose Patient Data at Major Providers
Richmond Behavioral Health Authority (RBHA) and MedStar Health, two major healthcare providers in the Mid-Atlantic region, have disclosed significant ransomware incidents resulting in the exposure of sensitive patient data. RBHA reported that hackers gained unauthorized access to its systems on September 29, 2025, deploying ransomware that encrypted files containing personal and protected health information for up to 113,232 individuals. Although RBHA stated there was no definitive evidence of patient data being accessed, the organization is notifying all potentially affected individuals and has implemented enhanced security measures, including third-party monitoring and stronger data policies. MedStar Health, which operates hospitals and care sites across Maryland, Virginia, and Washington D.C., confirmed a separate ransomware attack attributed to the Rhysida group, which claims to have exfiltrated 3.7 terabytes of data, including over 7 million pieces of patient information. The breach, occurring between September 12 and 16, 2025, involved the compromise of names, dates of birth, Social Security numbers, and detailed patient care information. MedStar has begun notifying affected patients and is offering complimentary identity monitoring services to those whose most sensitive data was exposed. Both incidents highlight the ongoing threat of ransomware to healthcare organizations and the significant risks to patient privacy and data security.
Mar 21, 2026
Multiple Healthcare Data Breaches and Regulatory Actions in the US
Several healthcare providers in the United States have recently disclosed significant data breaches resulting from cyberattacks, with patient and employee information being compromised. AllerVie Health, based in Texas, confirmed unauthorized access to its network, exposing sensitive data such as names, Social Security numbers, and insurance details, allegedly due to a ransomware attack by the Anubis group. The attackers claim to have stolen records of over 30,000 patients, and affected individuals have been offered credit monitoring and identity theft protection. In a separate incident, OrthopedicsNY, a healthcare provider in New York, suffered a breach in 2023 after attackers gained remote access using compromised credentials, leading to the exposure of data belonging to more than 650,000 patients and employees. The New York Attorney General secured a $500,000 penalty from OrthopedicsNY for failing to implement adequate security measures, and the provider is now required to enhance its data protection practices. Additionally, Singing River Health System in Mississippi reported a cyber incident that led to the temporary shutdown of its patient portal and internet access as a precaution. While the threat was reportedly mitigated, the investigation is ongoing to determine if patient records were accessed. These incidents highlight the ongoing risks faced by healthcare organizations from ransomware groups and other cybercriminals, as well as the increasing regulatory scrutiny and financial penalties for failing to protect sensitive health information. Impacted organizations are responding with offers of credit monitoring and reviews of their security policies, but the breaches underscore the need for robust cybersecurity measures in the healthcare sector.
Mar 21, 2026