Genesis Ransomware Group Claims March 2026 Breach of Ontario’s CarePoint Health
The ransomware group Genesis has taken responsibility for a March 2026 data breach at CarePoint Health, a medical clinic network in Mississauga, Ontario. The attack compromised sensitive patient data, including names, medical records, addresses, phone numbers, and dates of birth, though the exact number of affected individuals remains unconfirmed.
On May 8, 2026, Genesis claimed on its leak site to have exfiltrated 70 GB of medical, operational, and financial data from CarePoint. The clinic first detected the incident on March 19, 2026, after receiving a threat actor’s extortion demand. While initial evidence was unclear, CarePoint later confirmed data theft, though it has not publicly acknowledged Genesis’ involvement. Investigators have not verified the group’s claims, nor disclosed details on the attack vector, ransom demands, or whether a payment was made.
Genesis, a ransomware operation active since October 2025, employs malware that both steals data and encrypts systems, demanding payment for decryption and data destruction. The group has claimed 63 attacks, with only nine confirmed by victims including four healthcare organizations prior to CarePoint. This marks Genesis’ first confirmed Canadian target and its first healthcare breach of 2026.
Canada has seen seven confirmed ransomware attacks in 2026, with healthcare providers among the hardest hit. Such incidents disrupt critical systems, forcing clinics to cancel appointments, divert patients, or revert to manual record-keeping, while exposing patients to privacy risks and operational delays.
CarePoint Health, founded in 2019, operates two clinics in Mississauga and served 11,298 patients between April 2024 and March 2025. The organization is unrelated to U.S.-based providers with the same name.
Source: https://www.comparitech.com/news/cybercriminals-say-they-hacked-carepoint-health-stole-data/
CarePoint Health Mississauga cybersecurity rating report: https://www.rankiteo.com/company/carepoint-health-mississauga
"id": "CAR1778531029",
"linkid": "carepoint-health-mississauga",
"type": "Ransomware",
"date": "3/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '11,298 patients (between April '
'2024 and March 2025)',
'industry': 'Healthcare',
'location': 'Mississauga, Ontario, Canada',
'name': 'CarePoint Health',
'type': 'Medical Clinic Network'}],
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Medical records',
'Addresses',
'Phone numbers',
'Dates of birth']},
'date_detected': '2026-03-19',
'date_publicly_disclosed': '2026-05-08',
'description': 'The ransomware group Genesis has taken responsibility for a '
'March 2026 data breach at CarePoint Health, a medical clinic '
'network in Mississauga, Ontario. The attack compromised '
'sensitive patient data, including names, medical records, '
'addresses, phone numbers, and dates of birth. Genesis claimed '
'to have exfiltrated 70 GB of medical, operational, and '
'financial data from CarePoint.',
'impact': {'data_compromised': '70 GB of medical, operational, and financial '
'data',
'identity_theft_risk': 'Exposed patients to privacy risks',
'operational_impact': 'Disrupted critical systems, canceled '
'appointments, diverted patients, reverted '
'to manual record-keeping'},
'investigation_status': 'Ongoing',
'motivation': 'Extortion',
'ransomware': {'data_encryption': 'Yes', 'data_exfiltration': 'Yes'},
'references': [{'date_accessed': '2026-05-08', 'source': 'Genesis leak site'}],
'threat_actor': 'Genesis',
'title': 'Genesis Ransomware Group Claims March 2026 Breach of Ontario’s '
'CarePoint Health',
'type': 'Ransomware'}