Ransomware group Gunra claims attack on American Hospital Dubai

The American Hospital Dubai (AHD), one of the UAE's leading private healthcare providers, has supposedly fallen victim to a ransomware attack by the newly emerged Gunra cybercriminal group. 

The incident occurred on June 1, 2025 and if confirmed to be true represents one of the most significant healthcare data breaches in recent history. Gunra gang claims to have successfully infiltrated AHD's IT infrastructure, encrypting the hospital's virtual machines and storage systems while simultaneously exfiltrating massive amounts of sensitive data.

According to internal documentation allegedly obtained during the breach and shared with DataBreaches.net AHD's IT team identified the critical system downtime at 02:00 AM on June 1, 2025, affecting the hospital's VMware vSphere infrastructure and EMC Unity storage systems. The cyberattack resulted in the encryption of virtual machines and storage volumes, disrupting access to multiple core hospital systems including VMware vSphere (vCenter, ESXi hosts, and associated virtual machines), EMC Unity Storage production LUNs, and critical services such as Cerner, MyCare, LIS, and various third-party applications.

The claimed scope of the data breach is staggering, with Gunra claiming to have stolen the entire Oracle Health EHR database (formerly known as Cerner Millennium) containing approximately 450 million patient records. Other sources of  information suggest that the actual number may be closer to 4.6 million unique patients, with the discrepancy likely due to multiple records per patient or inflated claims by the attackers. 

The exposed data supposedly includes:

• Personal demographic information and patient identifiers
• Credit card numbers and financial billing information
• Medical and diagnostic records from various departments
• Emirates ID numbers and contact details
• Fertility treatment records and reproductive health information
• Clinical notes and treatment plans
• Sperm preservation service records for cancer patients
• Financial documents including payroll files and billing records
• Internal business documents and fee analysis reports

Fertility treatment records from the first quarter of 2025, contain extremely sensitive information about patients seeking conception assistance, sperm preservation services for medical reasons such as cancer treatment, and other reproductive health decisions. 

The exact number of affected individuals is not disclosed in official sources, and AHD has not provided a clear statement regarding the scope of the breach. 

Gunra has already begun leaking portions of the data as proof of their claims, including patient records and internal hospital communications. The attackers have  threatened to release credit card numbers and additional personal private information, describing AHD's leadership as "fakers" and criticizing the hospital's alleged attempts to cover up the incident.

As of publication, AHD has not commented on the claims of breach or disclosed whether patients and regulatory authorities have been notified.