The ransomware group Medusa says it has stolen data from a major U.S. hospital chain and is threatening to publish the files unless a ransom is paid. The claim, first reported by Reuters, raises fresh concerns about the security of sensitive patient records and the pressure healthcare providers face from cybercriminals.

According to the report, Medusa has posted what it describes as stolen hospital records online. Reuters said the material appears to target a large American hospital system, though the full scope of the incident has not been independently confirmed in the reporting available so far. It is also unclear whether the data contains personal health information, billing records, or other patient details.

Healthcare remains one of the most attractive targets for ransomware crews because hospitals cannot easily shut down critical systems. A successful attack can disrupt care, delay treatments, and expose private information that patients expect to remain secure. For hospitals, the stakes are not only financial but also deeply tied to public trust and patient safety.

The latest claim underscores how persistent cyber extortion has become across the medical sector. As investigators assess the breach allegation, the case highlights the growing need for stronger cybersecurity defenses, rapid incident response, and clearer protections for patients whose data may be caught in the crossfire.