{ "id": "e3d74441-d39c-4c8a-92de-c331c9dc68e0", "created_at": "2026-04-06T02:11:40.668014Z", "updated_at": "2026-04-10T03:26:47.068045Z", "deleted_at": null, "sha1_hash": "899b411d90dbea52b560e1859fdc33af0fdafc9a", "title": "LockBit threatens to leak medical data of cancer patients stolen from Varian Medical Systems", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 212945, "plain_text": "LockBit threatens to leak medical data of cancer patients stolen\r\nfrom Varian Medical Systems\r\nBy Pierluigi Paganini\r\nPublished: 2023-08-09 · Archived: 2026-04-06 02:06:50 UTC\r\nThe LockBit ransomware group threatens to leak medical data of cancer patients\r\nstolen from Varian Medical Systems.\r\nThe LockBit ransomware group claims to have hacked the healthcare company Varian Medical Systems and\r\nthreatens to leak the medical data of cancer patients.\r\nVarian Medical Systems, Inc. designs, manufactures, sells, and services medical devices and software products for\r\ntreating cancer and other medical conditions worldwide. It operates through two segments, Oncology Systems and\r\nImaging Components.\r\nThe company is owned by Siemens Healthineers and has 3 billion dollar revenues.\r\nhttps://securityaffairs.com/149307/cyber-crime/varian-medical-systems-lockbit-ransomware.html\r\nPage 1 of 2\n\n“ALL DATABASES AND PATIENT DATA WAS EXFILTRATED AND PREPARED TO BE PUBLISHED ON THE\r\nBLOG” states the Lockbit gang on its TOR leak site.\r\nLockbit has fixed the deadline for the ransom payment on August 17, 2023.\r\nIf confirmed the incident could have a dramatic impact on the privacy of cancer patients. The company has yet to\r\ndisclose the security incident.\r\nThis year other companies owned by Siemens suffered a security breach.\r\nIn April, Siemens Metaverse, a virtual space built to mirror real machines, factories, and other highly complex\r\nsystems, exposed sensitive data, including the company’s office plans and internet of things (IoT) devices.\r\nIn June, the Clop ransomware group added new victims of MOVEit attacks to its dark web leak site, including the\r\nindustrial giants Schneider Electric and Siemens Energy. Both Schneider Electric and Siemens Energy provide\r\nIndustrial Control Systems (ICS) that are used in critical national infrastructure worldwide.\r\nFollow me on Twitter: @securityaffairs and Facebook and Mastodon\r\nPierluigi Paganini\r\n(SecurityAffairs – hacking, Varian Medical Systems)\r\nSource: https://securityaffairs.com/149307/cyber-crime/varian-medical-systems-lockbit-ransomware.html\r\nhttps://securityaffairs.com/149307/cyber-crime/varian-medical-systems-lockbit-ransomware.html\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://securityaffairs.com/149307/cyber-crime/varian-medical-systems-lockbit-ransomware.html" ], "report_names": [ "varian-medical-systems-lockbit-ransomware.html" ], "threat_actors": [ { "id": "0fc739cf-0b82-48bf-9f7d-398a200b59b5", "created_at": "2022-10-25T16:07:23.797925Z", "updated_at": "2026-04-10T02:00:04.752608Z", "deleted_at": null, "main_name": "LockBit Gang", "aliases": [ "Bitwise Spider", "Operation Cronos" ], "source_name": "ETDA:LockBit Gang", "tools": [ "3AM", "ABCD Ransomware", "CrackMapExec", "EmPyre", "EmpireProject", "LockBit", "LockBit Black", "Mimikatz", "PowerShell Empire", "PsExec", "Syrphid" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775441500, "ts_updated_at": 1775791607, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/899b411d90dbea52b560e1859fdc33af0fdafc9a.pdf", "text": "https://archive.orkl.eu/899b411d90dbea52b560e1859fdc33af0fdafc9a.txt", "img": "https://archive.orkl.eu/899b411d90dbea52b560e1859fdc33af0fdafc9a.jpg" } }