Ransomware Disrupts McLaren and Ascension, With Ascension Breach Hitting 5.6 Million
McLaren Health Care confirmed it was hit by a ransomware attack that disrupted clinical and business operations across its Michigan network, forcing the organization to rely on downtime procedures and warning that recovery would extend into September. Follow-up reporting said McLaren was still restoring systems weeks later and had not yet determined whether patient or employee data had been accessed or stolen, leaving the scope of any data compromise unclear as the health system worked to bring affected services back online.
Ascension, one of the largest U.S. health systems, also suffered a major cyberattack that caused widespread outages, diverted ambulances, and disrupted electronic health records, phone systems, and other care operations; reporting at the time linked the incident to suspected Black Basta ransomware activity. Later disclosures said the attack resulted in a data breach affecting 5.6 million people, exposing personal, insurance, medical, and payment-related information and underscoring how ransomware incidents in healthcare can escalate from operational disruption to large-scale compromise of sensitive patient data.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Ascension says May cyberattack exposed data of 5.6 million people
Ascension disclosed that the cyberattack earlier in the year resulted in a data breach affecting about 5.6 million individuals. This represented a major escalation from operational disruption to confirmed large-scale exposure of personal information.
McLaren says recovery is underway but data impact remains unclear
McLaren reported it was recovering from the ransomware attack, but said it was still unclear whether patient or other data had been compromised. This marked a later update focused on restoration progress and unresolved questions about data security.
McLaren confirms ransomware attack causing prolonged disruptions
McLaren Health Care confirmed it had been hit by ransomware and said operational disruptions were expected to continue into September. The announcement established the incident as a ransomware event affecting the health system's operations.
Ascension suffers suspected ransomware attack and diverts ambulances
Ascension disclosed a cyberattack that disrupted clinical operations across its healthcare network, forcing some hospitals to redirect ambulances. Contemporary reporting described the incident as a suspected Black Basta ransomware attack.
Sources
4 references tracked. Mallory keeps watching after this page renders.
Ascension cyberattack exposes data from 5.6M people | Cybersecurity Dive
cybersecuritydive.com
Open sourceMcLaren recovering from ransomware attack, unclear about data security
healthexec.com
Open sourceMcLaren confirms it was hit with ransomware; disruptions to last until September
healthexec.com
Open sourceAscension redirects ambulances after suspected ransomware attack
bleepingcomputer.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Ransomware Attacks Disrupt Hospitals From Los Angeles to Romania and the NHS
Ransomware attacks have repeatedly crippled hospital operations, forcing providers to divert care, lose access to critical systems, and in some cases pay attackers to recover. At Hollywood Presbyterian Medical Center in Los Angeles, malware encrypted files and disrupted the hospital's computer network, prompting executives to pay about **$17,000 in bitcoin** after attackers reportedly reduced an initial demand of **$3.4 million**. The outage interfered with administrative functions and highlighted how cyberattacks on healthcare can create direct patient-safety risks. The threat later scaled across national healthcare systems. The **WannaCry** outbreak spread to nearly 100 countries and severely impacted the UK's **NHS**, knocking hospitals and clinics offline and disrupting appointments and treatment. In Romania, a ransomware attack on a healthcare IT platform left multiple hospitals offline, underscoring how attacks on shared digital infrastructure can cascade across many facilities at once and paralyze care delivery well beyond a single organization.
May 25, 2026
Ransomware Attack Disrupts University of Mississippi Medical Center and Triggers Privacy Scrutiny
A ransomware attack forced the University of Mississippi Medical Center to take major systems offline, disrupting its phone network, broader IT environment, and Epic electronic health record platform. UMMC closed all 35 clinics across Mississippi, canceled appointments including chemotherapy and elective procedures, and shifted staff to paper documentation while keeping hospitals and emergency departments open. The medical center said it was working with the FBI, outside cybersecurity specialists, and vendors to investigate the intrusion and restore operations. UMMC later reopened clinics as systems were gradually brought back online, but the fallout extended beyond the immediate outage. Subsequent reporting said the incident may have exposed the organization to potential federal privacy-law issues, raising questions about whether protected health information was adequately safeguarded during the attack. The case highlights how ransomware against healthcare providers can quickly disrupt patient care, delay treatment, and create regulatory risk alongside operational recovery.
May 25, 2026
Healthcare Ransomware Attacks Expose Patient Data at Major Providers
Richmond Behavioral Health Authority (RBHA) and MedStar Health, two major healthcare providers in the Mid-Atlantic region, have disclosed significant ransomware incidents resulting in the exposure of sensitive patient data. RBHA reported that hackers gained unauthorized access to its systems on September 29, 2025, deploying ransomware that encrypted files containing personal and protected health information for up to 113,232 individuals. Although RBHA stated there was no definitive evidence of patient data being accessed, the organization is notifying all potentially affected individuals and has implemented enhanced security measures, including third-party monitoring and stronger data policies. MedStar Health, which operates hospitals and care sites across Maryland, Virginia, and Washington D.C., confirmed a separate ransomware attack attributed to the Rhysida group, which claims to have exfiltrated 3.7 terabytes of data, including over 7 million pieces of patient information. The breach, occurring between September 12 and 16, 2025, involved the compromise of names, dates of birth, Social Security numbers, and detailed patient care information. MedStar has begun notifying affected patients and is offering complimentary identity monitoring services to those whose most sensitive data was exposed. Both incidents highlight the ongoing threat of ransomware to healthcare organizations and the significant risks to patient privacy and data security.
Mar 21, 2026