
A leading private hospital in Ernakulam has reportedly fallen victim to a large-scale ransomware attack, resulting in the alleged theft of more than 800GB of sensitive data. According to reports, the breach occurred in mid-March and is believed to have been carried out by the cybercriminal group known as "The Gentlemen." The stolen information reportedly includes patient records, inpatient treatment details, admission data, administrative documents, and internal meeting minutes. A sample of the leaked data was allegedly found circulating on the dark web, indicating that the attackers had successfully exfiltrated confidential information.

Ernakulam Hospital Cyberattack: 800GB Patient Data Allegedly Stolen in Major Ransomware Breach

Sources familiar with the incident suggest that the attack initially began through a ransomware email and caused operational disruptions within the hospital. Although the organization reportedly believed that its critical systems remained secure, subsequent log analysis is said to have revealed significant data exfiltration. Instead of filing a formal complaint with law enforcement, the hospital is believed to have engaged an international cybersecurity firm to investigate and strengthen its security posture. Cybercrime officials acknowledged awareness of the incident but confirmed that no official complaint had been received.

The incident highlights the growing cybersecurity challenges facing the healthcare industry, where sensitive patient data has become a prime target for ransomware groups. The alleged attackers, "The Gentlemen," have reportedly compromised hundreds of organizations across dozens of countries since emerging in 2025 and are now considered among the world's most active ransomware operators. As healthcare institutions continue to digitize operations, proactive cybersecurity measures—including continuous monitoring, employee awareness training, regular vulnerability assessments, secure backups, and rapid incident response—are becoming essential to protect critical infrastructure and maintain patient trust.

NPAV Endpoint Security helps detect fileless malware, block malicious scripts, and protect users from credential-stealing attacks delivered through fake software downloads.