Foxconn North America, Unimed and Western Orthopaedics: Ransomware roundup: May 2026

Foxconn North America, Unimed and Western Orthopaedics: Ransomware roundup: May 2026

Ransomware Attacks Rise in May 2026, With Education and Retail Sectors Hit Hardest

Ransomware attacks increased by 3% in May 2026, with 661 incidents recorded up from 640 in April though still below the higher volumes seen earlier in the year. While overall activity remained relatively stable, certain sectors experienced sharp spikes, while others saw notable declines.

Sector-Specific Trends

  • Education saw the most dramatic surge, with attacks jumping 54% (from 13 to 20).
  • Food and beverage (+80%), retail (+19%), transportation (+20%), and technology (+29%) also faced significant increases.
  • Healthcare and utilities saw the steepest drops, with attacks falling 21% and 29%, respectively.

Of the 48 confirmed attacks in May:

  • 35 targeted businesses, including 11 in manufacturing the most affected subsector.
  • 7 hit government entities, with France, Spain, Croatia, Senegal, and Thailand among the victims.
  • 5 impacted educational institutions, including Universitat de València (Spain) and Delano Public Schools (US).
  • 1 affected a healthcare provider Central Medical Services of Westrock (CMSW) in the US, breached by INC, which later auctioned 200–300 GB of stolen data.

Most Active Ransomware Groups

  • Qilin led with 97 attacks, including 9 confirmed targeting entities in Australia, France, Germany, Spain, and the US.
  • The Gentlemen followed with 71 attacks (4 confirmed), while DragonForce claimed 51 attacks, allegedly stealing 20.8 TB of data the largest volume reported.
  • Other groups with notable activity included SafePay (+160%), Nova/RALord (+213%), Play (+325%), and Genesis (+1600%).

Geographic Impact

The US remained the top target, accounting for 272 attacks (+6% from April), followed by Canada (31), the UK (28), and Germany (26). Spain saw a 28% increase, while the UK and Germany experienced declines.

Data Breaches and Financial Demands

  • Nearly 115 TB of data was stolen across all attacks in May.
  • Manufacturing firms faced high ransom demands, including $4.48 million from an Italian company (UnoAerre Industries) and 8 TB of stolen data from Foxconn North America (claimed by Nitrogen).
  • Notable breaches included:
    • Unimed (Germany): 120,000+ affected, including 54,000 patients from Baden-Württemberg hospitals.
    • Cardinal Services (US): Two separate attacks (June and August 2025) impacted 142,000+ people.
    • Western Orthopaedics (US): 113,000+ patients notified after a 1.7 TB data theft in September 2025.

Year-to-Date Trends

  • Businesses saw 3,090 attacks (Jan–May 2026), a 13% increase from the same period in 2025.
  • Healthcare recorded 208 attacks (+10% YoY), while government attacks dropped 21% (145 total).
  • Education experienced 88 attacks (-25% YoY).

The data highlights shifting ransomware tactics, with threat actors increasingly targeting high-impact sectors while some industries see temporary reprieves.

Source: https://www.comparitech.com/news/ransomware-roundup-may-2026/

Unimed do Brasil cybersecurity rating report: https://www.rankiteo.com/company/unimeddobrasil

Western Sydney University cybersecurity rating report: https://www.rankiteo.com/company/western-sydney-university

Foxconn cybersecurity rating report: https://www.rankiteo.com/company/foxconn

"id": "UNIWESFOX1780562007",
"linkid": "unimeddobrasil, western-sydney-university, foxconn",
"type": "Ransomware",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Education',
                        'location': 'Spain',
                        'name': 'Universitat de València',
                        'type': 'Educational Institution'},
                       {'industry': 'Education',
                        'location': 'US',
                        'name': 'Delano Public Schools',
                        'type': 'Educational Institution'},
                       {'industry': 'Healthcare',
                        'location': 'US',
                        'name': 'Central Medical Services of Westrock (CMSW)',
                        'type': 'Healthcare Provider'},
                       {'industry': 'Manufacturing',
                        'location': 'Italy',
                        'name': 'UnoAerre Industries',
                        'type': 'Business'},
                       {'industry': 'Manufacturing',
                        'location': 'US',
                        'name': 'Foxconn North America',
                        'type': 'Business'},
                       {'customers_affected': '120,000+',
                        'industry': 'Healthcare',
                        'location': 'Germany',
                        'name': 'Unimed',
                        'type': 'Healthcare Provider'},
                       {'customers_affected': '142,000+',
                        'industry': 'Healthcare',
                        'location': 'US',
                        'name': 'Cardinal Services',
                        'type': 'Business'},
                       {'customers_affected': '113,000+',
                        'industry': 'Healthcare',
                        'location': 'US',
                        'name': 'Western Orthopaedics',
                        'type': 'Healthcare Provider'},
                       {'industry': 'Government',
                        'location': ['France',
                                     'Spain',
                                     'Croatia',
                                     'Senegal',
                                     'Thailand'],
                        'name': 'Government entities (France, Spain, Croatia, '
                                'Senegal, Thailand)',
                        'type': 'Government'}],
 'data_breach': {'data_encryption': 'Yes (ransomware-related)',
                 'data_exfiltration': 'Yes (e.g., 20.8 TB by DragonForce, 8 TB '
                                      'by Nitrogen)',
                 'number_of_records_exposed': ['120,000+ (Unimed)',
                                               '142,000+ (Cardinal Services)',
                                               '113,000+ (Western '
                                               'Orthopaedics)'],
                 'personally_identifiable_information': 'Yes (e.g., Unimed, '
                                                        'Cardinal Services, '
                                                        'Western Orthopaedics)',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Patient data',
                                              'Corporate data']},
 'date_detected': '2026-05-01',
 'date_publicly_disclosed': '2026-05-31',
 'description': 'Ransomware attacks increased by 3% in May 2026, with 661 '
                'incidents recorded. Education and retail sectors were among '
                'the hardest hit, with notable spikes in food and beverage, '
                'transportation, and technology. Healthcare and utilities saw '
                'declines. The US remained the top target, with 272 attacks. '
                'Nearly 115 TB of data was stolen, and high ransom demands '
                'were reported, including $4.48 million from UnoAerre '
                'Industries.',
 'impact': {'data_compromised': '115 TB (total across all attacks in May 2026)',
            'financial_loss': ['$4.48 million (UnoAerre Industries)'],
            'identity_theft_risk': 'High (e.g., Unimed, Cardinal Services, '
                                   'Western Orthopaedics)'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Yes (e.g., INC auctioned '
                                                    '200–300 GB of CMSW data)'},
 'investigation_status': 'Ongoing',
 'motivation': ['Financial gain', 'Data exfiltration'],
 'ransomware': {'data_encryption': 'Yes',
                'data_exfiltration': 'Yes',
                'ransom_demanded': '$4.48 million (UnoAerre Industries)',
                'ransomware_strain': ['Qilin',
                                      'The Gentlemen',
                                      'DragonForce',
                                      'SafePay',
                                      'Nova/RALord',
                                      'Play',
                                      'Genesis',
                                      'INC',
                                      'Nitrogen']},
 'references': [{'date_accessed': '2026-05-31',
                 'source': 'Cyber Incident Report (May 2026)'}],
 'threat_actor': ['Qilin',
                  'The Gentlemen',
                  'DragonForce',
                  'SafePay',
                  'Nova/RALord',
                  'Play',
                  'Genesis',
                  'INC',
                  'Nitrogen'],
 'title': 'Ransomware Attacks Rise in May 2026, With Education and Retail '
          'Sectors Hit Hardest',
 'type': 'Ransomware'}
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.