


































A ransomware group called Genesis over the weekend took credit for a March 2026 data breach at CarePoint Health, an Ontario medical clinic.
CarePoint on March 19, 2026 reported a data breach that compromised names, medical info, addresses, phone numbers, and dates of birth, among other info.
Genesis on May 8, 2026 said it stole 70 GB of medical, operational, and financial data from CarePoint. The group posted the claim on its data leak website.
CarePoint has not acknowledged Genesis’ claim and Comparitech cannot independently verify it. We do not know how many people were compromised in the breach, how attackers breached CarePoint’s network, if CarePoint paid a ransom, or how much Genesis demanded. Comparitech contacted CarePoint for comment and will update this article if it replies.
“We first became aware of the incident on March 19, 2026, when we received contact from a threat actor claiming unauthorized access to our network and data,” says CarePoint’s notice to breach victims.
“While indications were initially unclear, data theft has now been confirmed. We have now discovered and analyzed evidence of the set of stolen files. Unfortunately, the stolen files include information about a number of clients.”
Genesis is a ransomware group that started claiming responsibility for attacks on organizations in October 2025. Its malware both steals data and locks down computer systems. Genesis then demands payment to destroy stolen data and restore infected systems.
Genesis has claimed responsibility for 63 ransomware attacks in total. Of those, nine were confirmed by the organizations targeted.
CarePoint is the group’s first confirmed Canadian target, but Genesis has attacked four other healthcare organizations. Those confirmed claims include:
The attack on CarePoint is the Genesis’ first confirmed attack claim of 2026.
Comparitech researcher have logged seven confirmed ransomware attacks on Canadian organizations in 2026 to date. They include:
Ransomware attacks on hospitals, clinics, and other care providers can steal data and lock down infected computer systems. They can cripple critical systems and endanger the health, privacy, and security of patients. Infected hospitals and clinics must pay a ransom or face extended downtime, data loss, and putting patients and staff at increased risk. Hospitals and clinics might resort to pen and paper, cancel appointments, and divert patients elsewhere until systems are restored.
Launched in 2019, CarePoint Health operates two clinics in Mississauga, Ontario. In the year between April 2024 and March 2025, CarePoint served 11,298 people, according to its latest annual report.
It should not be confused with US healthcare providers by the same name, including one in Colorado and one in New Jersey.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。