A ransomware gang has claimed that it stole 450 million records from patients of one of Dubai’s most prestigious hospitals, and they’re threatening to leak them.
-
A ransomware group claims to have exfiltrated sensitive data from the American Hospital Dubai (AHD), affecting as many as 450 million patient records.
-
The ransomware gang allegedly has exfiltrated a massive trove of data, in total 4TB uncompressed.
-
While the group asserts that patient data is part of the haul, the sample data that the Cybernews research team checked appears to be primarily financial in nature.
On June 4th, a ransomware group posted an update on its dark web leak site: it claims to have exfiltrated sensitive data from the American Hospital Dubai (AHD), affecting as many as 450 million patient records.
“We dumped huge data from AHD, will add their Financial data soon. Keep your eyes on our site,” the post warns, using a common pressure tactic to force the hospital’s hand. The gang has threatened to publicly release the stolen data on June 8th.
Cybernews has reached out to American Hospital Dubai for comment, but no response has been received at the time of writing.
AHD is one of the region’s most prestigious private healthcare providers. Founded in 1996 and part of the Mohamed & Obaid Al Mulla Group, the 254-bed acute care facility is located in Dubai’s Oud Metha district.
The hospital offers services across more than 40 specialties and is known for medical innovation, including over 1,800 robotic surgeries using the da Vinci Xi surgical system.
What data was stolen?
The ransomware gang allegedly has exfiltrated a massive trove of data, in total 4TB uncompressed. According to their post, the stolen data includes sensitive customer information, such as:
- Personal details and demographic data
- Credit card numbers
- Billing histories
- Emirates ID numbers
- Clinical records, including health conditions and treatment plans
While the group asserts that patient data is part of the haul, the sample data that the Cybernews research team checked appears to be primarily financial in nature. It includes internal hospital documents such as financial reports, payroll files, and billing records.
If the full data set contains what the gang claims, this breach could have severe privacy and regulatory implications, especially given the involvement of financial and national ID data in a region with strict cybersecurity laws.
What is Gunra ransomware?
Gunra is a new threat actor in the ransomware scene. Cyfirma analysis states that the Gunra Ransomware Group emerged in April 2025. According to Cybernews' dark web monitoring tool Ransomlooker, the gang has claimed 12 victims since its inception.
Gunra ransomware has built a reputation targeting sectors as varied as real estate, pharmaceuticals, and manufacturing. It employs a double-extortion technique by threatening to leak stolen data and is motivated by financial gain.
Once inside a system, Gunra gets to work fast. It encrypts files and adds a “.ENCRT” extension to every one of them, locking users out of their own data. Alongside the damage, it leaves behind a ransom note in every directory, outlining steps for payment and data recovery.
Your email address will not be published. Required fields are markedmarked