Akira Ransomware Claims Breach of Healthcare Firms iGlobal Services and Medenet

By Ash K

The Akira ransomware group has added two healthcare-related organisations to its growing list of alleged victims, claiming to have exfiltrated sensitive internal data from iGlobal Services and Medenet. The disclosure surfaced on social media at the end of January and has since drawn attention from threat intelligence researchers monitoring healthcare-focused extortion activity.

According to the threat actor’s claims, approximately 24GB of data was stolen during the intrusions. The dataset allegedly includes employee and customer records, contractual documents, and financial information, raising concerns about downstream exposure for both organisations and their partners.

What the Threat Actor Is Claiming

Akira asserts that the stolen data spans a broad range of sensitive materials. These reportedly include internal employee information, customer or client records, legal and commercial contracts, and financial documents tied to business operations.

While independent verification of the full dataset has not yet been made public, the volume claimed suggests more than a limited breach. In ransomware-driven extortion campaigns, attackers often prioritise high-impact data that can be leveraged to apply pressure rather than indiscriminately dumping files.

Healthcare Remains a High-Value Target

Healthcare and health services firms continue to attract ransomware groups due to the combination of sensitive data, complex IT environments, and operational pressure to restore services quickly. Even organisations that do not directly provide clinical care often handle regulated data and mission-critical workflows.

Employee records, customer information, and financial documents can be monetised in multiple ways, from extortion and resale to targeted fraud and follow-on phishing campaigns. The exposure of contracts may also reveal pricing structures, partner relationships, and strategic details.

Akira’s Operating Pattern

The Akira ransomware group has built a reputation around double extortion tactics, combining system disruption with data theft. Victims are typically pressured through the threat of public disclosure if ransom demands are not met.

Recent Akira incidents have shown a focus on mid-sized enterprises across healthcare, manufacturing, and professional services. The group’s activity suggests a preference for environments where a blend of legacy systems and third-party integrations can complicate rapid containment.

Current Status and Unknowns

At the time of reporting, neither iGlobal Services nor Medenet has publicly confirmed the breach or commented on the claims. As with many ransomware disclosures, there can be a lag between threat actor announcements and official statements while investigations are ongoing.

Key questions remain unresolved, including the initial access vector, the duration of attacker presence, and whether systems were encrypted in addition to data being exfiltrated. These details will be critical in assessing the full impact of the incident.

Implications for Security Teams

For healthcare security leaders, the incident is another reminder that ransomware groups continue to view service providers and intermediaries as viable entry points into broader ecosystems. A breach at one organisation can ripple outward to clients, partners, and downstream systems.

Defensive priorities include tightening access controls, monitoring for unusual data transfer activity, and maintaining tested incident response plans that account for extortion scenarios. Clear communication strategies are also essential when handling claims involving sensitive employee and customer data.

As ransomware operations remain active and adaptive, incidents like the alleged Akira breach reinforce the need for continuous visibility and preparedness across the healthcare supply chain.

Ash K
Ashton is a seasoned cybersecurity professional with over 25 years of experience in cybersecurity research, cybersecurity incident response, products and security solutions architecture.