Woodlawn Health
July 5, 2025
•[ ransomware, malware, healthcare ]
Woodlawn Health in Rochester, Indiana suffered a ransomware attack starting July 5, 2025, which encrypted systems and disrupted clinical and administrative operations. Systems were gradually restored, and officials confirmed that some patient care was impacted. Investigations continue into whether personal or medical data was exfiltrated.
Ingram Micro
July 3, 2025
•[ ransomware ]
SafePay ransomware attack on Ingram Micro shut down internal systems, website, and online ordering systems.
Avantic Medical Lab
July 3, 2025
•[ ransomware, data leak ]
Everest listed the lab June 10 and leaked 31 GB of patient files on July 3; contents include PHI, EOB files, and some financial details.
Deutsche Welthungerhilfe (WHH)
July 2, 2025
•[ ransomware, data leak ]
RaaS group listed WHH and offered stolen data for sale; WHH shut down affected systems, involved police and DPA, and refused to pay.
Accu Reference Medical Laboratory
July 1, 2025
•[ ransomware, data leak ]
Qilin listed Accu Reference on July 10 claiming they acquired data on July 1; screenshots display unredacted PHI; encryption not indicated.
MPOWERHealth
June 29, 2025
•[ ransomware, leak, hack ]
WorldLeaks, a criminal ransomware group, claimed responsibility for a June 29, 2025 cyberattack on MPOWERHealth in Addison, Texas. The attackers exfiltrated roughly 1.5 TB of data (over 1.6 million files), including PHI, insurance claims, internal documents, login credentials, and cyber-insurance records. While negotiations began, the company ceased responding, after which WorldLeaks leaked the stolen files. Reports indicate data theft and exposure but no confirmed operational outage.
Radix (Swiss government IT service provider)
June 25, 2025
•[ ransomware, data leak ]
Swiss IT provider Radix suffered a ransomware intrusion by the Sarcoma group around June 25, 2025; attackers exfiltrated ~1.3 TB of Swiss federal data, encrypted internal systems, and leaked the files online; NCSC confirmed no direct intrusion into federal networks.
Operation Endgame 2.0
June 23, 2025
•[ ransomware, malware, government ]
In May 2025, a coalition of law enforcement agencies took down the criminal infrastructure behind the malware used to launch ransomware attacks in a new phase of "Operation Endgame". This followed the first Operation Endgame exercise a year earlier, with the latest action resulting in 15.3M victim email addresses being provided to HIBP by law enforcement. A further 43.8M victim passwords were also provided for HIBP's Pwned Passwords service.
Netstar
June 23, 2025
•[ leak, ransomware ]
Data details undisclosed publicly; breach confirmed as involving data leak following refusal to pay ransom.
United Australia Party (and Trumpet of Patriots)
June 23, 2025
•[ ransomware, data leak ]
Political parties confirmed ransomware on June 23 with possible exfiltration of all emails and documents; parties stated it is impracticable to notify individuals.
Compumedics Limited
June 18, 2025
•[ ransomware, data leak ]
Australian med-tech firm Compumedics reported a ransomware attack that resulted in exfiltration of data affecting approximately 318,000 individuals.
Ministry of Health (Tonga)
June 15, 2025
•[ ransomware, data leak ]
Ransomware attack beginning June 15, 2025 by INC exploited an unpatched web-facing application server in Tonga's National Health Information System, enabling data exfiltration and subsequent encryption of Ministry servers. About 70,000 patient records and 300 GB of data were leaked; operations restored by July 18, 2025 with international assistance.
Undisclosed city in Sweetwater County, WY
June 15, 2025
•[ ransomware ]
Local outlet notes ongoing silence from a Sweetwater County city one month after a June ransomware attack.
Siloking Mayer Maschinenbau GmbH
June 15, 2025
•[ ransomware, production halt, emergency mode ]
Siloking Mayer Maschinenbau GmbH was affected by a ransomware attack by Qilin that halted production for several days and forced systems onto emergency mode before restoration.
Manassas Park City Schools
June 12, 2025
•[ ransomware, malware, education ]
The MPCS network was infiltrated and encrypted via ransomware around June 12, 2025; data may have been accessed including full names paired with SSNs, passport numbers, or financial account details. No group has claimed responsibility. Investigation ongoing and FBI notified.
Disneyland Paris (via third-party contractor)
June 12, 2025
•[ ransomware, data leak ]
Anubis ransomware group claimed to have stolen 64 GB (approximately 39,000 files) of engineering and renovation data from a Disneyland Paris third-party contractor and listed the victim on its leak site; no confirmation of intrusion method or verification from Disneyland Paris.
Ogeechee Judicial Circuit District Attorney’s Office
June 11, 2025
•[ ransomware ]
Ransomware attack on the Ogeechee Judicial Circuit District Attorney's Office in Georgia on June 11, 2025 encrypted internal systems and forced closure of offices for several days; no data theft or leak reported; attacker identity unconfirmed.
City of Thomasville (Municipal Government)
June 11, 2025
•[ ransomware, data leak ]
Cyberattack on the City of Thomasville, North Carolina discovered June 11, 2025; INC ransomware group claimed responsibility and alleged theft of 260 GB of city data; municipal systems taken offline for containment; no encryption or customer data exposure reported.
British Horseracing Authority (BHA)
June 11, 2025
•[ ransomware ]
On June 11, 2025, the British Horseracing Authority suffered a cyberattack that forced closure of its London headquarters and disrupted internal IT and administrative systems for several days. Multiple outlets reported ransomware-style activity consistent with financially motivated criminal actors. No data theft has been confirmed.
Ogeechee Judicial Circuit District Attorney’s Office
June 11, 2025
•[ ransomware, encryption, office closure ]
Ransomware attack on the Ogeechee Judicial Circuit District Attorney's Office in Georgia on June 11, 2025 encrypted internal systems and forced closure of offices for several days; no data theft or leak reported; attacker identity unconfirmed.