Gunra Ransomware Group Claims Massive Breach at American Hospital Dubai

Gunra ransomware claims to have stolen 450 million records from American Hospital Dubai, threatening to leak the data if ransom demands are not met by June 8.

    A new ransomware group has claimed it stole 450 million records from American Hospital Dubai, threatening to leak data that may include financial and patient information.

    Gunra Ransomware Group Targets American Hospital Dubai with Alleged 450 Million Record Breach

    On June 4, the ransomware group known as Gunra claimed responsibility for what may be one of the largest healthcare data breaches in the Middle East. The group says it has exfiltrated 4 terabytes of data from American Hospital Dubai (AHD), including a staggering 450 million patient records.

    In a post published on its dark web leak site, the gang stated:

    “We dumped huge data from AHD, will add their Financial data soon. Keep your eyes on our site.”

    They’ve also threatened to release the full dataset by June 8 unless the hospital meets their demands. This follows a common double-extortion tactic—encrypt the data, then threaten to publish it.

    American Hospital Dubai: A Prestigious Medical Institution Now at Risk

    Founded in 1996, American Hospital Dubai is one of the region’s most prominent private healthcare providers. Located in the Oud Metha district, the 254-bed acute care facility is part of the Mohamed & Obaid Al Mulla Group. The hospital offers over 40 medical specialties and is known for advanced surgical technologies, including more than 1,800 procedures using the da Vinci Xi robotic system.

    The scale and profile of the institution make it a high-value target for financially motivated ransomware gangs.

    What Kind of Data Was Allegedly Stolen?

    Gunra claims the breach includes both personal and financial records. According to the group, the stolen 4TB of uncompressed data may contain:

    • Personal demographic information
    • Emirates ID numbers
    • Credit card numbers
    • Billing histories
    • Clinical records, including diagnoses and treatment plans

    Researchers reviewed a sample from the dump. While patient data is claimed, the verified samples so far appear to include financial documents—payroll records, internal financial reports, and billing statements.

    If the full dump contains what is promised, this would pose serious compliance and privacy risks. The exposure of national ID and health data is particularly concerning in a region with strict regulatory standards around data protection and cybersecurity.

    Gunra Ransomware: New but Aggressive

    The Gunra ransomware group is a newcomer to the threat landscape. First observed in April 2025, the gang has already claimed 12 victims across various sectors, including real estate, pharmaceuticals, and manufacturing.

    Gunra uses a double-extortion approach: once inside a network, it encrypts files and appends the “.ENCRT” extension. Victims also find ransom notes in each folder, detailing payment instructions and the threat of data publication.
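
    A defender can watch for both behaviours described above in file-audit telemetry. The following is an added example, not code from Cyfirma or from the original article: it flags a burst of renames to ".ENCRT" on one host and one file name appearing in many folders. The log format, host names, thresholds and the NOTE.txt file name are assumptions made for the example, and events are assumed to arrive in time order.

```python
from collections import defaultdict
from datetime import datetime
from ntpath import basename, dirname  # sample uses Windows-style paths

EXT = ".encrt"  # extension named in the article; matched case-insensitively

# Constructed file-audit events: time,host,operation,path[,new path].
# NOTE.txt is a placeholder; the article does not give the ransom note's name.
SAMPLE = r"""
2025-06-04T10:00:01,fs01,RENAME,D:\fin\q1.xlsx,D:\fin\q1.xlsx.ENCRT
2025-06-04T10:00:02,fs01,CREATE,D:\fin\NOTE.txt
2025-06-04T10:00:03,fs01,RENAME,D:\hr\pay.csv,D:\hr\pay.csv.ENCRT
2025-06-04T10:00:04,fs01,CREATE,D:\hr\NOTE.txt
2025-06-04T10:00:05,fs01,RENAME,D:\it\cfg.ini,D:\it\cfg.ini.encrt
2025-06-04T10:00:06,fs01,CREATE,D:\it\NOTE.txt
2025-06-04T10:05:00,ws07,RENAME,C:\tmp\a.doc,C:\tmp\a.docx
2025-06-04T10:06:00,ws07,RENAME,C:\tmp\b.txt,C:\tmp\b.txt.ENCRT
"""

def parse(text):
    """Yield (time, host, op, path, new_path) from comma-separated lines."""
    for line in text.strip().splitlines():
        ts, host, op, path, new = (line.split(",") + [""])[:5]
        yield datetime.fromisoformat(ts), host, op, path, new

def detect(text, window_s=60, min_renames=3, min_note_dirs=3):
    """Alert on a burst of renames to EXT on one host, and on one file name
    being created in many directories (the note-per-folder pattern)."""
    renames = defaultdict(list)  # host -> rename times inside the window
    drops = defaultdict(set)     # (host, file name) -> directories seen
    fired, alerts = set(), []
    for ts, host, op, path, new in parse(text):
        if op == "RENAME" and new.lower().endswith(EXT):
            times = renames[host]
            times.append(ts)
            while (ts - times[0]).total_seconds() > window_s:
                times.pop(0)  # drop renames older than the window
            hit = (host, "encrt_rename_burst", len(times) >= min_renames)
        elif op == "CREATE":
            name = basename(path).lower()
            drops[host, name].add(dirname(path).lower())
            hit = (host, "same_file_many_dirs:" + name,
                   len(drops[host, name]) >= min_note_dirs)
        else:
            continue  # other operations and ordinary renames are ignored
        if hit[2] and hit[:2] not in fired:  # report each finding once
            fired.add(hit[:2])
            alerts.append(hit[:2])
    return alerts
```

    On the sample, only fs01 is reported: the single ".ENCRT" rename on ws07 stays below the burst threshold, which keeps one-off renames from raising an alert.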

    Cyfirma’s analysis indicates Gunra’s operations are financially driven, with fast execution and selective targeting of high-value organizations.

    “Gunra is rapidly expanding its footprint across critical sectors, using classic ransomware tactics with efficient deployment,” said Cyfirma in a recent report.
