SSM Health Care Corporation, a major U.S. healthcare provider, was targeted in a cyberattack allegedly orchestrated by Owen Flowers, one of the two British teenagers charged in the UK for cybercrimes. The attack involved infiltration and attempted damage to SSM Health’s systems, potentially compromising sensitive healthcare data, operational integrity, or patient services. While the exact extent of the breach remains undisclosed, the involvement of a healthcare entity suggests high-risk exposure, including possible disruption to medical services, unauthorized access to patient records (e.g., personal, financial, or treatment-related data), or systemic outages. The attack’s connection to a broader campaign—including attempts against Sutter Health—highlights its coordinated and malicious nature. Given the critical role of healthcare infrastructure, such incidents can threaten patient safety, erode trust in the organization, and trigger regulatory penalties. The case’s international dimension (UK-US) and the defendants’ alleged ties to other high-profile attacks (e.g., Transport for London) underscore the severity of the threat.
SSM Health cybersecurity rating report: https://www.rankiteo.com/company/ssm-health-care
"id": "SSM1392213112125",
"linkid": "ssm-health-care",
"type": "Cyber Attack",
"date": "11/2025",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"{'affected_entities': [{'industry': 'transportation',
'location': 'London, U.K.',
'name': 'Transport for London (TfL)',
'type': 'government agency'},
{'industry': 'healthcare',
'location': 'U.S.',
'name': 'SSM Health Care Corporation',
'type': 'private organization'},
{'industry': 'healthcare',
'location': 'U.S.',
'name': 'Sutter Health',
'type': 'private organization'}],
'date_publicly_disclosed': '2024-09',
'description': 'Two British teenagers, Thalha Jubair (19) and Owen Flowers '
'(18), were charged under the Computer Misuse Act for a '
'cyberattack on Transport for London (TfL) in 2024. Flowers is '
'also accused of conspiring to infiltrate and damage U.S. '
'healthcare entities SSM Health Care Corporation and Sutter '
'Health. Both pleaded not guilty in a U.K. court. The trial is '
'scheduled for June 8, 2026, with both defendants remanded in '
'custody. The U.S. DOJ has not publicly filed charges against '
'Flowers, while charges against Jubair were unsealed in '
'September 2024.',
'impact': {'brand_reputation_impact': ['potential reputational damage to TfL',
'potential reputational damage to SSM '
'Health Care Corporation',
'potential reputational damage to '
'Sutter Health'],
'legal_liabilities': ['Computer Misuse Act charges (U.K.)',
'potential U.S. charges for healthcare '
'attacks']},
'initial_access_broker': {'high_value_targets': ['TfL',
'SSM Health Care Corporation',
'Sutter Health']},
'investigation_status': 'ongoing (trial scheduled for June 8, 2026)',
'references': [{'source': 'The Record'},
{'source': 'BBC (Neil Henderson)'},
{'date_accessed': '2024-09',
'source': 'U.S. Department of Justice (unsealed charges for '
'Jubair)'}],
'regulatory_compliance': {'legal_actions': ['criminal charges filed (U.K.)',
'potential extradition or U.S. '
'charges'],
'regulations_violated': ['Computer Misuse Act '
'(U.K.)']},
'response': {'law_enforcement_notified': True,
'third_party_assistance': ['National Crime Agency (NCA)']},
'threat_actor': ['Thalha Jubair', 'Owen Flowers'],
'title': 'Cyberattack on Transport for London (TfL) and Alleged Attacks on '
'U.S. Healthcare Companies by British Teenagers',
'type': ['cyberattack', 'unauthorized access', 'conspiracy to damage systems']}