Part 7/16:
Digital forensics revealed that the hospital's server logs had been erased or tampered with, and malicious code had infiltrated from outside sources via a VPN connection. Earlier, intelligence reports confirmed that the hospital’s VPN credentials, along with thousands of others, had been leaked and sold on the dark web, enabling hackers to breach protected networks.
The attackers had gone as far as encrypting critical data, including approximately 85,000 patient records related to diagnostics, treatment, and billing. The threat was clear: if the ransom was not paid, sensitive information could be permanently leaked or destroyed.