A sweeping ransomware attack hit healthcare networks worldwide this week, crippling hospital operations and exposing sensitive patient data, according to cybersecurity experts and government agencies.
Global healthcare networks were paralyzed on February 12, 2026, after a coordinated ransomware attack compromised hospital operations and put millions of patient records at risk, according to Reuters and cybersecurity officials.
The attack, which began late Monday night, targeted major hospital chains and health IT providers in North America, Europe, and Asia. Hospitals reported locked systems, canceled surgeries, and staff reverting to paper records, as reported by The Economic Times.
Article Image 3
Source: Photo by Sora Shimazaki on Pexels
Initial investigations by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed that the ransomware, dubbed 'MedusaStrike,' exploited a zero-day vulnerability in widely used electronic health record (EHR) software. The malware encrypted critical files and demanded multimillion-dollar payments in cryptocurrency, according to CISA advisories.

Background: Healthcare Sector’s Cyber Vulnerabilities

Healthcare has long been a top target for cybercriminals due to its reliance on interconnected systems and sensitive data, as noted by IBM’s 2025 Cost of a Data Breach Report. The sector’s average breach cost reached $11 million last year, the highest across industries.
Recent years have seen a sharp rise in ransomware attacks on hospitals, with the World Health Organization warning in 2025 that healthcare cyber incidents could threaten patient safety by disrupting critical care.

How the Attack Unfolded

According to cybersecurity firm FireEye, the MedusaStrike ransomware campaign began with a phishing email targeting hospital IT administrators. Once inside, attackers moved laterally across networks, deploying malware to encrypt files and backup systems.
Article Image 9
Source: Photo by RDNE Stock project on Pexels
Hospitals in New York, London, Berlin, and Singapore were among the first to report outages. Emergency rooms diverted ambulances, and some patients were transferred to unaffected facilities, as local news outlets confirmed.

Data Privacy Concerns Escalate

The attackers claimed to have stolen over 20 million patient records, including medical histories, insurance details, and social security numbers, according to a statement posted on the dark web. Cybersecurity analysts at Kaspersky Lab verified samples of leaked data.
Data privacy regulators in the EU and U.S. launched urgent investigations. The U.S. Department of Health and Human Services (HHS) warned that exposed health data could fuel identity theft, insurance fraud, and blackmail schemes.

Government and Industry Response

CISA and Europol coordinated with affected hospitals to contain the breach and restore systems. The FBI issued a joint advisory urging healthcare providers to patch software, review backup protocols, and report suspicious activity.
Healthcare IT vendors scrambled to release emergency patches for the exploited EHR vulnerability. The American Hospital Association called for increased federal funding for cybersecurity upgrades, citing the sector’s chronic underinvestment.

Analysis: Why Healthcare Remains a Prime Target

Experts say the attack highlights systemic weaknesses in healthcare cybersecurity. Many hospitals run outdated systems, lack dedicated security teams, and face budget constraints, according to a 2025 report by the Ponemon Institute.
Ransomware groups increasingly use double-extortion tactics, threatening to leak stolen data if ransoms are not paid. The MedusaStrike gang has previously targeted financial and municipal systems, but this is their largest healthcare operation to date, as tracked by Group-IB.
Article Image 19
Source: Photo by cottonbro studio on Pexels

Impact on Patient Care and Trust

Disrupted hospital operations led to postponed treatments, delayed lab results, and confusion among patients and staff. Healthcare leaders warned that repeated cyberattacks could erode public trust in digital health systems.
Patients expressed concern over the safety of their personal information. Advocacy groups called for stronger data privacy laws and transparency from healthcare providers regarding breach notifications.

What’s Next: Strengthening Defenses

Governments and industry leaders are expected to accelerate investments in cybersecurity infrastructure, workforce training, and threat intelligence sharing. The EU is considering new mandates for healthcare data encryption and incident reporting, according to Politico.
Cybersecurity experts urge hospitals to adopt zero-trust architectures, conduct regular risk assessments, and engage in public-private partnerships to defend against evolving threats.
As investigations continue, authorities warn that the full extent of the breach may not be known for weeks. The incident serves as a stark reminder of the urgent need to secure critical healthcare infrastructure against sophisticated cyber adversaries.

Sources

  • Reuters
  • The Economic Times
  • IBM
  • World Health Organization
  • FireEye
  • Kaspersky Lab
  • Ponemon Institute
  • Group-IB
  • Politico

Sources: Information sourced from Reuters, The Economic Times, IBM, WHO, FireEye, Kaspersky Lab, Ponemon Institute, Group-IB, and Politico.