• Home
  • cyber
  • Kopran Ltd and Glenmark Pharmaceuticals: Healthcare ransomware roundup: Q1 2026 stats on attacks, ransoms, and data breaches
cyber Ransomware

Kopran Ltd and Glenmark Pharmaceuticals: Healthcare ransomware roundup: Q1 2026 stats on attacks, ransoms, and data breaches

Apr 27, 2026 3 min read
Kopran Ltd and Glenmark Pharmaceuticals: Healthcare ransomware roundup: Q1 2026 stats on attacks, ransoms, and data breaches

Ransomware Surge in Healthcare: Q1 2026 Attacks Highlight Persistent Threats

The first quarter of 2026 saw 201 ransomware attacks targeting the healthcare sector, with 120 directed at hospitals, clinics, and providers, and 81 at related businesses including pharmaceutical manufacturers, medical billing firms, and healthcare tech companies. While attacks on providers declined by 15% compared to the previous quarter, incidents against healthcare businesses rose for the third consecutive quarter, surging 35%.

Despite the dip in provider-focused attacks, the sector remains a prime target for cybercriminals due to its lucrative data and operational vulnerabilities. A February 2026 attack on the University of Mississippi Medical Center crippled systems for weeks, forcing clinic closures until March. Other high-profile breaches included Nippon Medical School Musashi Kosugi Hospital in Japan, where NetRunner exposed 131,700 records, and Hospital Caribbean Medical Center in Puerto Rico, where The Gentlemen compromised data for 92,000 individuals.

Healthcare businesses also faced significant disruption. UFP Technologies, a medical device manufacturer, reported billing and shipment delays after a Payouts King attack in February, while Healthdaq, an Irish healthcare recruitment firm, disclosed a breach following an XP95 intrusion in March. In India, Glenmark Pharmaceuticals lost 1.8 TB of data to INC, and Kopran Ltd suffered a DragonForce attack with 284 GB stolen.

Key Findings for Q1 2026

  • Healthcare Providers (120 attacks):

    • 26 confirmed, 94 unconfirmed.
    • 237,747 records breached in confirmed attacks.
    • Median ransom demand: $300,000.
    • Top ransomware strains: Qilin (23 attacks), The Gentlemen (10), LockBit (9), Sinobi (7).
    • 13 TB of data allegedly stolen, with Beast claiming 2 TB across three attacks.

  • Healthcare Businesses (81 attacks):

    • 5 confirmed, 76 unconfirmed.
    • Top strains: INC (8), NightSpire (8), Genesis (6), Akira (5), LockBit (5).
    • 29 TB of data allegedly stolen, including Metaencryptor’s unconfirmed 14 TB theft from a German pharmaceutical firm.

Geographic Breakdown

The U.S. bore the brunt of attacks (59%, 119 incidents), followed by India (10), Germany (7), and Australia (6). Among confirmed attacks, the U.S. led with 10, while Germany and Japan each reported three. Reporting disparities due to varying national disclosure laws may skew confirmed attack figures.

Ransomware Groups’ Tactics

Qilin dominated provider attacks (23 incidents), while INC and NightSpire led business-targeted campaigns (8 each). Notably, Qilin’s focus shifted away from businesses, with only three attacks recorded in that subsector. Hackers claimed to have exfiltrated more than twice the data from businesses (29 TB) than providers (13 TB), despite fewer total attacks.

The quarter underscored the healthcare sector’s enduring appeal to ransomware operators, driven by high-value data, critical infrastructure, and often inadequate defenses.

Source: https://www.comparitech.com/news/healthcare-ransomware-roundup-q1-2026-stats-on-attacks-ransoms-and-data-breaches/

Kopran Ltd cybersecurity rating report: https://www.rankiteo.com/company/kopran-ltd

Glenmark Pharmaceuticals cybersecurity rating report: https://www.rankiteo.com/company/glenmark-pharmaceuticals

"id": "KOPGLE1777473227",
"linkid": "kopran-ltd, glenmark-pharmaceuticals",
"type": "Ransomware",
"date": "4/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'United States',
                        'name': 'University of Mississippi Medical Center',
                        'type': 'Healthcare Provider'},
                       {'customers_affected': '131,700',
                        'industry': 'Healthcare',
                        'location': 'Japan',
                        'name': 'Nippon Medical School Musashi Kosugi Hospital',
                        'type': 'Healthcare Provider'},
                       {'customers_affected': '92,000',
                        'industry': 'Healthcare',
                        'location': 'Puerto Rico',
                        'name': 'Hospital Caribbean Medical Center',
                        'type': 'Healthcare Provider'},
                       {'industry': 'Medical Device Manufacturing',
                        'name': 'UFP Technologies',
                        'type': 'Healthcare Business'},
                       {'industry': 'Healthcare Recruitment',
                        'location': 'Ireland',
                        'name': 'Healthdaq',
                        'type': 'Healthcare Business'},
                       {'industry': 'Pharmaceuticals',
                        'location': 'India',
                        'name': 'Glenmark Pharmaceuticals',
                        'type': 'Healthcare Business'},
                       {'industry': 'Pharmaceuticals',
                        'location': 'India',
                        'name': 'Kopran Ltd',
                        'type': 'Healthcare Business'}],
 'data_breach': {'data_encryption': 'Yes (ransomware strains encrypted data)',
                 'data_exfiltration': 'Yes (29 TB from businesses, 13 TB from '
                                      'providers)',
                 'number_of_records_exposed': '237,747 (confirmed providers); '
                                              '131,700 (Nippon Medical '
                                              'School); 92,000 (Hospital '
                                              'Caribbean Medical Center)',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High (PII, medical records, financial '
                                        'data)',
                 'type_of_data_compromised': 'Patient records, medical data, '
                                             'billing information, '
                                             'pharmaceutical data, recruitment '
                                             'data'},
 'date_publicly_disclosed': '2026-Q1',
 'description': 'The first quarter of 2026 saw 201 ransomware attacks '
                'targeting the healthcare sector, with 120 directed at '
                'hospitals, clinics, and providers, and 81 at related '
                'businesses including pharmaceutical manufacturers, medical '
                'billing firms, and healthcare tech companies. The sector '
                'remains a prime target for cybercriminals due to its '
                'lucrative data and operational vulnerabilities.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': '237,747 records breached in confirmed attacks '
                                '(providers); 29 TB allegedly stolen from '
                                'businesses, 13 TB from providers',
            'downtime': 'Weeks (e.g., University of Mississippi Medical '
                        'Center)',
            'identity_theft_risk': 'High (PII exposed)',
            'operational_impact': 'Clinic closures, billing and shipment '
                                  'delays, data breaches',
            'systems_affected': 'Healthcare systems, billing systems, medical '
                                'devices, recruitment platforms, '
                                'pharmaceutical data'},
 'lessons_learned': 'Healthcare sector remains a prime target due to '
                    'high-value data and operational vulnerabilities. '
                    'Disparities in reporting due to national disclosure laws '
                    'may skew attack figures.',
 'motivation': 'Financial gain, data exfiltration',
 'post_incident_analysis': {'root_causes': 'Inadequate defenses, high-value '
                                           'data, operational vulnerabilities'},
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes',
                'ransom_demanded': '$300,000 (median)',
                'ransomware_strain': ['Qilin',
                                      'The Gentlemen',
                                      'LockBit',
                                      'Sinobi',
                                      'INC',
                                      'NightSpire',
                                      'Genesis',
                                      'Akira',
                                      'Beast',
                                      'Metaencryptor',
                                      'Payouts King',
                                      'XP95',
                                      'DragonForce']},
 'references': [{'source': 'Cyber Incident Report Q1 2026'}],
 'threat_actor': ['Qilin',
                  'The Gentlemen',
                  'LockBit',
                  'Sinobi',
                  'INC',
                  'NightSpire',
                  'Genesis',
                  'Akira',
                  'Beast',
                  'Metaencryptor',
                  'Payouts King',
                  'XP95',
                  'DragonForce'],
 'title': 'Ransomware Surge in Healthcare: Q1 2026 Attacks Highlight '
          'Persistent Threats',
 'type': 'Ransomware'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.