Storyline

Lazarus group targets healthcare with medusa ransomware

The Lazarus Group has begun using Medusa ransomware to target healthcare organizations in the US and the Middle East. This marks a new phase in their cyber operations, which also involve other malicious tools.

Published 2026-02-24 11:00 UTCUpdated 2026-02-24 21:18 UTC

Current brief openSource links open

This current storyline is open here with summary, metadata, source links, continuity context, and full evidence. Paid is for compare-over-time, alerts, exports, and workflow.

Back Evidence (4)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (4 domains)

4 top sources shown

Lazarus Group Picks a New Poison: Medusa Ransomware

Dark Reading · News · darkreading.com · 2026-02-24 21:18 UTC

North Korea's Lazarus Group targets US, Middle East healthcare sectors

SC Media · News · scworld.com · 2026-02-24 19:49 UTC

North Korea's Lazarus Group targets healthcare orgs with Medusa ransomware

The Register Security · News · go.theregister.com · 2026-02-24 18:25 UTC

North Korean Lazarus Group Now Working With Medusa Ransomware

blueteamsec · security.com · 2026-02-24 19:41 UTC

View all evidence

Overview

Score total

1.71

Momentum 24h

Posts

Origins

Source types

Duplicate ratio

Why now

The rise in ransomware attacks on healthcare coincides with increased cyber vulnerabilities during the pandemic.
Lazarus Group's shift to Medusa ransomware reflects evolving strategies in cybercrime.
Timely awareness of these threats is crucial for enhancing cybersecurity measures in healthcare.

Why it matters

Healthcare organizations are critical infrastructure and vulnerable to cyberattacks.
The use of ransomware can lead to significant data breaches and operational disruptions.
Lazarus Group's tactics indicate a growing sophistication in cyber threats.

Continuity snapshot