BLACKWATER claims large hospital breach

A ransomware group calling itself BLACKWATER says it stole 3.3 terabytes of data from Turkey’s Medical Park hospital network, but the company says no breach occurred. (falconfeeds.io) (onedio.com) The claim surfaced on April 12, 2026 through social posts tracked by security feeds, including FalconFeeds, and breach-monitoring sites began listing Medical Park as a claimed victim that same weekend. (falconfeeds.io) (ransomware.live) (breachsense.com) Medical Park said the allegation appeared on a platform at 11:00 a.m. on Sunday, April 12, 2026, and that its teams immediately reviewed the matter. The hospital group said those checks found “no problem in the system,” no outside access to data, and no data exfiltration. (onedio.com) That dispute matters because Medical Park is one of Turkey’s biggest private healthcare operators. MLP Care says it runs 37 hospitals with about 7,200 beds across 13 cities in Turkey and also operates in Baku, Budapest and Pristina. (investor.mlpcare.com 1) (investor.mlpcare.com 2) A hospital breach can expose more than names and phone numbers. Turkey’s data protection authority classifies health information as “special category” personal data, a class that gets stricter legal protection because misuse can cause discrimination or harm. (kvkk.gov.tr 1) (kvkk.gov.tr 2) Medical Park’s own privacy notices show the group handles identification data, contact details, insurance information, appointment records and personal health data as part of treatment and billing. Those notices also say patient data is transferred through hospital information systems to Turkey’s Social Security Institution. (medicalpark.com.tr 1) (medicalpark.com.tr 2) Under Turkey’s Personal Data Protection Authority rules, a data controller that learns personal data was obtained unlawfully must notify the authority without delay and no later than 72 hours, and notify affected people as soon as reasonably possible once they are identified. (kvkk.gov.tr) As of April 14, 2026, the materials reviewed here show a public claim from BLACKWATER, a public denial from Medical Park, and no corroborating breach notice from the company or the Turkish data protection authority. The next hard evidence would be a regulator filing, a company disclosure, or leaked samples that independent researchers can verify. (onedio.com) (kvkk.gov.tr) (ransomware.live)