

THIRUVANANTHAPURAM: In a shocking exposure of a lack of proper cyber security guardrails and its costly consequences, a large volume of medical data from a leading private hospital in Ernakulam district was allegedly hacked by an international cybercriminal group and posted on the dark web for sale.
The data is suspected to have been hacked by ‘The Gentlemen’, a cybercriminal group that emerged in mid-2025 and targeted more than 400 organisations, including those in the healthcare sector, in around 50 countries. The massive server-level breach was reported in mid-March and data exceeding 800 GB was exfiltrated by the hackers. The data was later placed for sale on the dark web.
A 30 MB data sample, which was accessed by TNIE from the dark web, revealed that the claim of the hackers was authentic. The data placed for sale consisted of multiple elements including patient records, administrative records, in-patient treatment details, patient admission information, and minutes of meetings of various committees of the hospital.
An insider told this newspaper that there was an operational disruption after the cyber attack. The hospital authorities were of the belief that there was no data exfiltration and that critical data was safe. However, a log check revealed that there was a massive data breach.
“It began with a ransomware e-mail,” the source said. After the attack, the hospital deployed an international IT firm for cyber security service and chose not to file a police complaint. Sources with the cyber operations wing of the state police confirmed that the attack indeed occurred at the hospital. However, they denied having any more knowledge of it.
“The hospital hasn’t approached the police with a complaint. They might’ve preferred to go silent over the matter,” a source said.
In April 2024, the Regional Cancer Centre (RCC) in Thiruvananthapuram had come under a ransomware cyber attack. The attack, perpetrated by foreign cyber criminals, led to a disruption of radiation treatment. The forensic trail pointed to cybercriminals from Russia, who operated near the Russia-Ukraine border.
In the current case, too, the involvement of cyber crime syndicates from Russia is suspected, as ‘Gentlemen’ is known to spare Russia and the Commonwealth of Independent States (breakaway republics from the USSR). The group is now considered the world’s second most active ransomware collective and deploys specialised multi-platform malware to explore cyber vulnerabilities.
Soviet connection?
1. A cybercriminal group that emerged in mid-2025, ‘The Gentlemen’ targeted more than 400 organisations, including those in the healthcare sector, in around 50 countries
2. ‘The Gentlemen’ is known to spare Russia and the Commonwealth of Independent States (breakaway republics from the USSR)