US Healthcare Cyber Incident Map — Operating Picture

OPSARIC-CI-2026-0509 · Q1 2026 · Updated 2026-05-09
Posture: ELEVATED · 201 Q1 attacks (120 providers + 81 vendors) · Top actors: Akira · Rhysida · Interlock · Insomnia · 96% of ransomware incidents exfiltrate data · Concentration risk: Change Healthcare class single-point-of-failure architecture persists
N 49° N 25° SECTOR · CONUS SCALE · NOT TO PROJECTION WEST MOUNTAIN / SW MIDWEST NE / SE CA 8 incidents CO NM KS IL 4 incidents MI OH MO TX 6 incidents · hot MS AL TN SC FL PA 3 incidents NY 4 incidents MA MD MN CHANGE HEALTHCARE 192.7M records · systemic blast radius INCIDENT TYPE Ransomware Data Breach Supply-Chain Compromise < 7 days (live) ⌀ size ∝ victims halo = cluster POSTURE READOUT ELEVATED 201 Q1 attacks 192.7M records (Change) 96% exfil rate
Ransomware Data breach Supply-chain compromise Last 7 days (pulsing) Dot size ∝ patients affected · cluster halo = state with ≥3 incidents
Incidents tracked
94+
major US events YTD
Q1 2026 attacks
201
120 providers · 81 vendors
Largest single breach
192.7M
Change Healthcare
Data-exfil rate
96%
of ransomware incidents
Hot state · 30d
TX
6 incidents · cluster halo
TOP ACTIVE THREAT ACTORS · TRACKED CORPUS
Akira ×4
Rhysida ×4
Interlock ×3
ALPHV/BlackCat ×3
Qilin ×3
Insomnia ×2
Genesis ×3
PEAR Extortion ×3
Handala (Iran MOIS) ×1
RansomHub ×1
Spacebears ×2
Lynx ×2
INTERNATIONAL ECHO · Réseau Radiologique Romand (CH · Akira) · CarePoint Health (CA · Genesis) · Rehab Clinics Group (UK · Everest) · FriendlyCare Pharmacy (AU · Kairos) · ChipSoft (NL EHR · ransomware) · Nippon Medical School (JP · NetRunner) · Depósito Dental Universitario (MX · Lamashtu) · Alpinion (KR · Coinbasecartel) · Healthdaq (IE · XP95) · AEP Pharma (DE · ransomware) · Hospital Caribbean Medical Center (PR · The Gentlemen)
OPSARIC · Healthcare Cyber Threat Tracker · Q1 2026 Operating Picture · 2026-05-09
Sources: HIPAA Journal · HHS OCR Breach Portal · CISA · DOJ · victim disclosures · darkweb leak sites (tracked) · GreyNoise · Recorded Future · OPSARIC analyst attribution
Positions approximate · State-level geocoding · Not a projection-accurate map · Cluster halos at n ≥ 3

Opsaric content is for informational and educational purposes only and does not constitute professional advice. Full disclosures →