One of the largest US hospital chains has disclosed a data breach affecting 15 million patient records, including medical histories, Social Security numbers, and insurance information, in what experts call the worst healthcare breach of 2026.

The Attack

A ransomware group exploited an unpatched vulnerability in the hospital's electronic health records system, exfiltrating data over a 6-week period before deploying encryption. The attackers demanded $20 million in Bitcoin.

Impact

Clinical operations were disrupted at 140 hospitals for two weeks. Emergency patients were diverted to other facilities, and some surgeries were postponed.