# Iran-linked ransomware gang targeted US healthcare org amid military conflict _Friday, June 26, 2026 at 4:39 PM EDT · Cybersecurity · Latest · Tier 2 — Notable_ ![Iran-linked ransomware gang targeted US healthcare org amid military conflict — Primary](https://cms.therecord.media/uploads/medical_health_400ce46e41.jpg) A U.S. healthcare organization was targeted in late February by an Iranian ransomware gang with ties to the country's government, according to a new report from incident responders. Beazley Security helped the unnamed organization respond to an attack that used the Pay2Key ransomware strain. Halcyon Ransomware Research Center assisted in the investigation and identified several improvements in the ransomware that made it harder to detect and more damaging. No evidence showed that data was exfiltrated during the intrusion. This differed from previous statements by U.S. intelligence agencies that Pay2Key attacks were largely conducted for information theft. The attack took place concurrently with the military conflict between the U.S. and Iran. Researchers found that the hackers had compromised an administrative account on the victim's network several days before deploying the ransomware and encrypting the environment. The hackers also sought to clear all traces of their activity and event logs after encryption. Cynthia Kaiser, senior vice president at Halcyon's Ransomware Research Center, said the incident appeared to coincide with the start of the military conflict with Iran. Kaiser questioned the motives of the incident and noted that the group does work on behalf of the government but not always. She said the public should assume other Iranian cyberattacks are occurring but have not been made public. ## Sources - [The Record](https://therecord.media/iran-linked-ransomware-gang-targeted-us-healthcare-org) - [SC Media](https://www.scworld.com/brief/illicit-svg-images-harnessed-by-bianlian-ransomware-gang) - [UpGuard](https://www.upguard.com/news/statistics-south-africa-data-breach-2026-03-31) --- Canonical: https://techandbusiness.org/newswire/X0O85GNlLhBSz1ObToeNul Retrieved: 2026-06-27T01:02:36.838Z Publisher: Tech & Business (techandbusiness.org)