A ransomware group called Genesis over the weekend took credit for a March 2026 data breach at CarePoint Health, an Ontario medical clinic.
CarePoint on March 19, 2026 reported a data breach that compromised names, medical info, addresses, phone numbers, and dates of birth, among other info.
Genesis on May 8, 2026 said it stole 70 GB of medical, operational, and financial data from CarePoint. The group posted the claim on its data leak website.
CarePoint has not acknowledged Genesis’ claim and Comparitech cannot independently verify it. We do not know how many people were compromised in the breach, how attackers breached CarePoint’s network, if CarePoint paid a ransom, or how much Genesis demanded. Comparitech contacted CarePoint for comment and will update this article if it replies.
“We first became aware of the incident on March 19, 2026, when we received contact from a threat actor claiming unauthorized access to our network and data,” says CarePoint’s notice to breach victims.
“While indications were initially unclear, data theft has now been confirmed. We have now discovered and analyzed evidence of the set of stolen files. Unfortunately, the stolen files include information about a number of clients.”
Who is Genesis?
Genesis is a ransomware group that started claiming responsibility for attacks on organizations in October 2025. Its malware both steals data and locks down computer systems. Genesis then demands payment to destroy stolen data and restore infected systems.
Genesis has claimed responsibility for 63 ransomware attacks in total. Of those, nine were confirmed by the organizations targeted.
CarePoint is the group’s first confirmed Canadian target, but Genesis has attacked four other healthcare organizations. Those confirmed claims include:
- River City Eye Care reported a September 2025 data breach
- Advanced Family Surgery Center reported a November 2025 data breach
- Community Health Action of Staten Island reported an October 2025 data breach
- Stockton Cardiology Medical Group reported a December 2025 data breach
The attack on CarePoint is the Genesis’ first confirmed attack claim of 2026.
Ransomware attacks in Canada
Comparitech researcher have logged seven confirmed ransomware attacks on Canadian organizations in 2026 to date. They include:
- Lakelands Public Health reported a January 2026 data breach claimed by Lynx
- Ardene Holdings reported a January 2026 data breach claimed by Akira
- CHOC FM 88.7 reported a February 2026 ransomware attack
- Westport Fuel Systems reported a March 2025 data breach claimed by Embargo
- STELIA Aerospace North America reported an April 2026 data breach for which Rhysida demanded $2.1 million
- Rural Municipality of Gimli reported an April 2026 data breach claimed by Payload
Ransomware attacks on hospitals, clinics, and other care providers can steal data and lock down infected computer systems. They can cripple critical systems and endanger the health, privacy, and security of patients. Infected hospitals and clinics must pay a ransom or face extended downtime, data loss, and putting patients and staff at increased risk. Hospitals and clinics might resort to pen and paper, cancel appointments, and divert patients elsewhere until systems are restored.
About CarePoint Health
Launched in 2019, CarePoint Health operates two clinics in Mississauga, Ontario. In the year between April 2024 and March 2025, CarePoint served 11,298 people, according to its latest annual report.
It should not be confused with US healthcare providers by the same name, including one in Colorado and one in New Jersey.
