Ransomware Gang Claims Massive Data Breach at American Hospital Dubai

A cybercrime group claims to have stolen a massive 450 million patient records from American Hospital Dubai (AHD), one of the most prestigious healthcare providers in the UAE. The group is now threatening to leak the stolen data unless their demands are met.

On June 4, the ransomware gang—known as Gunra—posted the claim on its dark web site. In their message, they said: “We dumped huge data from AHD, will add their Financial data soon. Keep your eyes on our site.” They also warned that the data could be released publicly on June 8.

So far, the hospital has not responded to media requests for comment.

What Data Was Allegedly Stolen?

The hackers claim they stole 4 terabytes of uncompressed data, which includes:

• Personal and demographic information

• Emirates ID numbers

• Credit card details

• Billing and payroll records

• Clinical records, including diagnoses and treatments

Cybernews researchers who reviewed a sample of the stolen data say it mostly appears to be financial documents—such as internal reports, payroll files, and billing histories. But if medical and ID data are also included, the breach could have serious legal and privacy consequences in a country with strict cybersecurity laws.

About American Hospital Dubai

Founded in 1996 and located in Dubai’s Oud Metha district, AHD is a 254-bed hospital known for advanced care and innovation. It's part of the Mohamed & Obaid Al Mulla Group and offers treatments across 40+ specialties. The hospital is also known for robotic surgeries, having performed over 1,800 procedures with the da Vinci Xi surgical system.

Who Is Behind the Attack?

The group claiming responsibility is Gunra, a new player in the ransomware world. According to cybersecurity firm Cyfirma, Gunra first appeared in April 2025 and has already attacked 12 organizations. They use a “double extortion” tactic: they encrypt a victim's files and then threaten to leak stolen data if no ransom is paid.

Gunra’s malware adds a “.ENCRT” extension to files, locking them, and leaves ransom notes with payment instructions in every folder.

What Happens Next?

If the gang follows through on its threat to release the data on June 8, the consequences could be devastating—not only for the hospital but also for thousands, or even millions, of patients.

Authorities and cybersecurity experts are likely to investigate the breach closely. For now, patients and staff are being urged to remain vigilant, especially if they receive any suspicious messages or notices involving their personal or financial information.