WASHINGTON — Social media accounts that track ransomware activity claimed over the weekend that MedStar Health, one of the largest healthcare systems in the Washington region, had been targeted by the Rhysida ransomware group.
The claims, which appeared Saturday on X (formerly Twitter), alleged that Rhysida had encrypted parts of MedStar’s network and was threatening to release data unless a ransom was paid. No supporting evidence was immediately provided, and MedStar Health has not publicly commented on the reports.
The posts quickly drew attention from cybersecurity researchers, who noted that Rhysida has previously claimed responsibility for attacks on government and healthcare organizations. In August, the group said it breached the Maryland Transit Administration and demanded roughly $3.4 million in cryptocurrency to avoid public release of stolen files — a claim that state officials later said they were investigating.
As of Sunday evening, neither MedStar nor law enforcement had confirmed that the health system’s networks had been compromised. The healthcare network’s websites and patient portals appeared to remain accessible, and there were no widespread reports of service disruptions.
Rhysida, which emerged in 2023, is known for claiming high-profile attacks on hospitals, universities, and public agencies. The group typically publishes stolen files on its leak site if victims refuse to pay.
The FBI and the Cybersecurity and Infrastructure Security Agency have previously warned about the group’s tactics, urging organizations to strengthen data backups and incident response procedures.
The scope and validity of the alleged MedStar incident remain unclear, and no ransom note, data sample, or verification has been released. As of now, the reports exist solely in social media posts circulating within the cybersecurity community.


