Ransomware victim disclosure
← All victimsMarkham Stouffville Hospital
Claimed by Anubis · listed 7 months ago
Status timeline
- ListedDec 16, 2025
- Data leakeddate unknown
At a glance
- Group
- Anubis
- Status
- Data leaked
- Country
- Canada
- Sector
- Healthcare
- Listed on leak site
- Dec 16, 2025
About the victim
AI dossier — public-source company profileMarkham Stouffville Hospital (MSH) is a community hospital network in York Region, Ontario, Canada, operating acute care facilities in Markham and Stouffville. It provides a broad range of inpatient, outpatient, and emergency health services to a growing regional population. MSH is affiliated with the University of Toronto and serves hundreds of thousands of patients annually.
- Industry
- Acute Care Hospital & Healthcare Services
- Address
- 381 Church Street, Markham, Ontario L3P 7P3, Canada
- Employees
- 1000-5000
- Founded
- 1990
Attack summary
Severity: critical — The victim is a Canadian acute care hospital, meaning any exfiltrated data almost certainly includes regulated personal health information (PHI/PII) at scale, which constitutes a critical-severity disclosure under both Canadian PIPEDA/PHIPA and general ransomware severity standards. The data has been published ('data_published' status), confirming exfiltration and public release.The Anubis ransomware group claims to have exfiltrated data from Markham Stouffville Hospital and has disclosed the data publicly; the leak post references a 'Micaforce Technology Download,' suggesting exfiltrated files have been made available for download.
Data the group says was taken
AI dossier — extracted from the leak post- Patient health records
- Personal identifiable information (PII)
- Staff/employee records
- Internal hospital documents
- Potentially financial/administrative data
What the group claims
Personal data.
The leak post
captured from the group's siteAnubis blog ANUBIS NEWS FAQ ABOUT RULES English English Español Русский 中文 Deutsch Description Micaforce Technology Download
Sources
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

