LockBit 3.0 Ransomware Attack on Lenmed Private Hospital Group

Incident Date: May 8, 2024

Lenmed Private Hospital Group




Johannesburg, South Africa

First Reported: May 8, 2024

Ransomware Attack on Lenmed Private Hospital Group

Victim Profile

Lenmed Private Hospital Group, a world-class chain of private hospitals operating in Southern Africa, was targeted by the LockBit 3.0 ransomware group in a cybercrime attack. The attackers managed to exfiltrate a significant amount of sensitive data, including financial records, patients' information, and personally identifiable documents. A sample of the stolen data was leaked by the attackers, but the ransom demand remains undisclosed. The attack has raised concerns about the security of Lenmed's systems and the potential impact on the affected individuals. Lenmed provides high-quality healthcare services across South Africa, Botswana, and Mozambique, offering specialized medical disciplines and allied services.

Company Size and Industry Standing

The company has 3,353 employees and generates revenue of $206.2 million. It is known for its state-of-the-art facilities, highly qualified doctors, and specialist services. Lenmed has been serving communities for over 30 years and is a prominent private hospital group in Africa.

Ransomware Group Distinction

The LockBit 3.0 ransomware group, also known as LockBit Black, is a highly sophisticated Ransomware-as-a-Service (RaaS) group that has been actively recruiting affiliates and targeting a wide range of businesses and critical infrastructure organizations. LockBit 3.0 distinguishes itself by its advanced encryption capabilities, obfuscation techniques, and the ability to move laterally through a network via group policy updates, making it a formidable threat in the cybersecurity landscape.

LockBit May Attacks

This ransomware attack on Lenmed Private Hospital Group is part of the May 2024 attacks by LockBit 3.0. Following the disruption of its infrastructure in February during "Operation Cronos," LockBit resurfaced with vigor, targeting over 50 victims within hours of reactivating its platform. The group's adaptability and global reach showcase the challenges faced by law enforcement in combating cybercrime effectively. LockBit's resurgence underscores the need for enhanced international cooperation and proactive measures to counter evolving cyber threats.

