Genesis ransomware group claims theft of 70GB of data from CarePoint Clinic

The Genesis ransomware group has claimed the theft of about 70 gigabytes of sensitive patient records from CarePoint Clinic, an Ontario-based comprehensive healthcare practice.

 

The ransomware group announced on its data leak website on 8th May that it stole vast amounts of healthcare data from CarePoint Clinic’s systems, including patients’ names, addresses, phone numbers, dates of birth as well as medical and financial information.

 

The ransomware group, which was first observed and tracked since 2025, has routinely targeted healthcare, financial services, manufacturing and legal services organisations, primarily those operating in the United States. The group uses social engineering to gain initial access to networks and exfiltrates vast amounts of data and uses them to demand ransom.

 

Genesis’ most successful operation was a ransomware attack on California-based Stockton Cardiology Medical Group in December 2025 that resulted in the theft of 645 gigabytes of healthcare records. The healthcare practice notified the office of the California Attorney General in March that the data breach compromised patients’ names, addresses, email addresses, billing records and limited medical information.

 

Other major healthcare organisations successfully victimised by the Genesis ransomware group in late 2025 included Community Health Action of Staten Island, Tennessee-based Advanced Family Surgery Center, and Edmonton-based River City Eye Care.

 

Genesis did not state how much ransom it has demanded from CarePoint Clinic but declared on its data leak website that it would leak the 70 GB stolen dataset on 12th May unless the healthcare practice paid a ransom.

 

Shortly after the ransomware group announced the breach, CarePoint Clinic said in an incident update posted on its website that it was first contacted by malicious actors claiming unauthorised access to its systems and data on 19th March, but has been able to confirm only recently that data had been stolen from its systems.

 

The clinic said the data security incident compromised certain patients’ full names, addresses, phone numbers, health card numbers, dates of birth, information about services received, assessment information, clinical plan information and socio-demographic information. The quantum of stolen records varied based on the group where each patient was enrolled.

 

The impacted groups included patients in structured psychotherapy programmes, Memory Clinic programmes, smoking cessation programmes, diabetes workshop, Dietician Services and Nursing Services, spirometry services, and patients in the clinic’s COVID home monitoring programme.

 

"We are sincerely sorry that this incident occurred and for the concern it may cause. Our organization was targeted by criminal actors whose actions run directly contrary to our values and the trust our community places in us," CarePoint said.

 

"While we are deeply disappointed that this criminal activity has affected our patients, we want to be clear that we are responding decisively - working to secure our systems, protect information, and support law enforcement and other authorities in holding those responsible accountable," it added.