The Royal Bahrain Hospital has reportedly been targeted by the Payload ransomware group, which claims to have exfiltrated 110 GB of sensitive information. The attackers have posted proof of the breach on their leak site and set a payment deadline of March 23 to prevent the public release of the stolen data.
The Payload ransomware group recently announced a successful breach of the Royal Bahrain Hospital, a prominent 70-bed healthcare facility that has served the region since 2011. To validate their claims, the cybercriminals published screenshots of the hospital's internal systems on their dedicated Tor leak site. The gang asserts that they managed to steal 110 GB of data during the intrusion, putting the privacy of numerous patients and administrative records at significant risk.
This security incident places a heavy burden on the hospital, which provides a wide range of inpatient and outpatient services including surgery and maternity care. Because the facility caters to a broad international patient base from Bahrain, Oman, Qatar, Saudi Arabia, and the United Arab Emirates, the potential data exposure could have cross-border implications. The attackers have issued a clear ultimatum, stating that the captured information will be made public if their ransom demands are not met by the March 23 deadline.
On the technical side, Payload is a sophisticated threat in the current cybercrime landscape because it uses a double-extortion model: even if a victim can restore their systems from backups, the threat of a data leak remains as leverage for payment. The ransomware encrypts files with the ChaCha20 algorithm and uses Curve25519 for key exchange, while also disabling security software and deleting system shadow copies to prevent easy recovery.
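A detection sketch for the pre-encryption behaviour described above (security software disabled, shadow copies deleted), added here as an example; it is not from the article or from any analysis of Payload. The command-line patterns are common Windows ways of doing this and are assumptions, not commands confirmed for Payload; host names, the service name and the log records are constructed.

```python
import re
from datetime import datetime, timedelta

# Constructed process-creation records: (host, ISO timestamp, command line).
SAMPLE_EVENTS = [
    ("ws-014", "2025-01-10T02:14:05", "vssadmin.exe list shadows"),
    ("srv-db1", "2025-01-10T02:15:40", "sc.exe stop ExampleAvService"),
    ("srv-db1", "2025-01-10T02:16:02", "vssadmin.exe  Delete Shadows /All /Quiet"),
    ("srv-fs2", "2025-01-10T03:01:11", "wmic.exe shadowcopy delete"),
    ("srv-fs2", "2025-01-10T09:30:00", "net stop ExampleAvService"),
]

# Assumed patterns: common shadow-copy deletion command lines.
SHADOW_DELETE = [
    re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    re.compile(r"win32_shadowcopy.*\b(delete|remove)", re.I),
]
# Assumed patterns: service stops and Defender real-time protection switched off.
# In production, restrict the service-stop rules to your security agents' names.
TAMPER = [
    re.compile(r"\b(sc(\.exe)?|net1?(\.exe)?)\s+stop\b", re.I),
    re.compile(r"\bsc(\.exe)?\s+config\b.*start=\s*disabled", re.I),
    re.compile(r"set-mppreference\b.*-disablerealtimemonitoring", re.I),
]
WINDOW = timedelta(minutes=10)

def classify(cmd):
    """Return 'shadow_delete', 'tamper' or None for one command line."""
    if any(p.search(cmd) for p in SHADOW_DELETE):
        return "shadow_delete"
    if any(p.search(cmd) for p in TAMPER):
        return "tamper"
    return None

def detect(events, window=WINDOW):
    """Flag shadow-copy deletion; escalate when tampering is close in time on the same host."""
    per_host = {}
    for host, ts, cmd in events:
        kind = classify(cmd)
        if kind:
            per_host.setdefault(host, []).append((datetime.fromisoformat(ts), kind, cmd))
    findings = []
    for host, hits in sorted(per_host.items()):
        tamper_times = [t for t, k, _ in hits if k == "tamper"]
        for t, kind, cmd in hits:
            if kind == "shadow_delete":
                paired = any(abs(t - tt) <= window for tt in tamper_times)
                findings.append((host, "critical" if paired else "high", cmd))
    return findings

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Shadow-copy deletion alone is rated high because backup tooling rarely issues it interactively; the pairing with a service stop on the same host inside the window is what raises it to critical.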
The group appears to be a relatively new operation that specifically targets mid-sized to large organizations within emerging markets, frequently focusing on sectors like logistics and real estate. By maintaining a public leak site, they follow the standard industry trend of using reputational damage as a primary weapon. This approach allows them to pressure victims into compliance through the threat of regulatory fines and loss of public trust.
Experts believe that Payload likely operates under a ransomware-as-a-service model, where developers provide the malicious software to affiliates who carry out the actual attacks. This structure allows the group to scale its operations quickly and target multiple high-value victims simultaneously. As the deadline approaches, the situation at Royal Bahrain Hospital highlights the ongoing vulnerability of the global healthcare sector to organized digital extortion.
Source: Payload Ransomware Claims The Hack Of Royal Bahrain Hospital


