A sophisticated ransomware attack has crippled hospital systems across multiple countries, exposing millions of patient records and raising urgent concerns about healthcare cybersecurity resilience.
Hospitals in the United States, United Kingdom, and several European nations are reeling after a coordinated ransomware attack on February 17, 2026, which locked critical systems and leaked sensitive patient data, according to Reuters and BBC News.
The attack, attributed to the notorious BlackViper ransomware group, disrupted electronic health record (EHR) systems, delayed surgeries, and forced some facilities to divert emergency cases. Cybersecurity experts have called it the largest healthcare breach in recent years.
According to the U.S. Department of Health and Human Services (HHS), at least 250 hospitals across 12 countries were impacted within hours. The attackers demanded multimillion-dollar ransoms in Bitcoin, threatening to publish patient records if not paid.
Healthcare providers scrambled to switch to manual record-keeping. The National Health Service (NHS) in the UK confirmed that several major hospitals in London and Manchester were forced to cancel non-urgent procedures and appointments.
Background: Healthcare's Growing Cyber Risk
The healthcare sector has become a prime target for cybercriminals due to its reliance on digital systems and the high value of medical data. IBM's 2025 Cost of a Data Breach Report found healthcare breaches cost an average of $11 million per incident.
Ransomware attacks on hospitals have surged by 55% since 2023, according to cybersecurity firm Sophos. Attackers exploit outdated software, weak passwords, and unpatched vulnerabilities to gain access to networks.
The BlackViper group, first identified in early 2025, is believed to operate out of Eastern Europe. The FBI and Europol have been tracking its activities, linking it to previous attacks on financial and municipal systems.
Key Details of the Attack
The attack began at 2:00 AM GMT on February 17, exploiting a zero-day vulnerability in widely used hospital management software, according to cybersecurity firm FireEye. Within minutes, hospital networks were encrypted, and ransom notes appeared on screens.
Attackers exfiltrated over 15 million patient records, including names, medical histories, and insurance details. The group posted samples on the dark web to prove their claims, as reported by The Guardian.
Hospitals in New York, Paris, Berlin, and Madrid were among the hardest hit. Emergency departments experienced significant delays, and some ambulances were redirected to unaffected facilities.
Response and Mitigation Efforts
Governments and hospital IT teams worked through the night to contain the breach. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued emergency guidance, and the European Union Agency for Cybersecurity (ENISA) coordinated cross-border response efforts.
Some hospitals restored partial access to critical systems by midday, but full recovery is expected to take days, according to hospital administrators. Law enforcement agencies have advised against paying ransoms, noting that payment does not guarantee data recovery.
Data Privacy Fallout and Patient Impact
The breach has sparked widespread concern about patient privacy. The U.S. Federal Trade Commission (FTC) and the UK's Information Commissioner's Office (ICO) have launched investigations into the scope of exposed data.
Patients are being notified of the breach, with many expressing fears about identity theft and insurance fraud. Legal experts anticipate a wave of class-action lawsuits against affected hospitals, citing failure to implement adequate cybersecurity measures.
Analysis: Why Healthcare Remains Vulnerable
Cybersecurity analysts point to chronic underinvestment in hospital IT infrastructure. A 2025 HIMSS survey found that 68% of hospitals allocate less than 6% of their budgets to cybersecurity, leaving critical gaps.
Legacy systems, staff shortages, and the complexity of healthcare networks complicate defense efforts. The proliferation of connected medical devices (IoT) also expands the attack surface, according to Kaspersky Lab.
Global Policy and Regulatory Response
In response to the attack, the World Health Organization (WHO) called for urgent international cooperation to strengthen hospital cybersecurity. The European Commission announced plans to accelerate the rollout of the Health Data Protection Directive, mandating stricter security standards.
U.S. lawmakers have renewed calls for increased funding and mandatory reporting of cyber incidents in healthcare. The Biden administration is expected to unveil new cybersecurity requirements for hospitals in the coming weeks.
What’s Next: Recovery and Future Preparedness
Hospitals are working to restore systems and reassure patients. Experts say the incident will likely accelerate investment in advanced security tools, staff training, and cyber insurance across the sector.
Cybersecurity firms urge hospitals to conduct regular risk assessments, update legacy systems, and participate in information-sharing networks to better anticipate threats. The attack is expected to serve as a wake-up call for the entire healthcare industry.
As investigations continue, authorities are tracking the movement of stolen data on dark web marketplaces. Interpol and Europol have pledged to intensify efforts to identify and apprehend those responsible.
Sources
Information sourced from Reuters, BBC News, The Guardian, IBM, Sophos, FireEye, HIMSS, Kaspersky Lab, WHO, and official statements from government agencies.Sources: Information sourced from Reuters, BBC News, The Guardian, IBM, Sophos, FireEye, HIMSS, Kaspersky Lab, WHO, and official statements from government agencies.