Aspire Hospital Ransomware Attack by Nova (June 2026)

Claim Summary

The Nova ransomware group has allegedly claimed responsibility for a cyberattack against Aspire Hospital, a healthcare provider based in Bhubaneswar, Odisha, India. According to the threat actor’s leak site post dated June 5, 2026, the group claims to have encrypted servers and stolen patient data from two domains: aspirehospitals.co.in and aspirehospitals.in. The group further alleges that it has obtained samples of the stolen data and is offering to decrypt two files for free if the organization contacts its support department. This claim has not been independently verified by Yazoul Security.

Threat Actor Profile

Nova is a ransomware group with limited public attribution. Based on available intelligence, the group appears to be a relatively new or low-profile operation, with no confirmed tools, tactics, or procedures (TTPs) documented in open-source research. The group’s claimed attack on Aspire Hospital suggests a focus on the healthcare sector, a common target for ransomware actors due to the sensitivity and urgency of medical data.

Without established YARA rules or detection guidance for Nova, organizations should monitor for common ransomware indicators, including:

• Unusual file encryption patterns (e.g., .nova or other extensions)
• Ransom notes dropped in directories
• Unauthorized remote access or lateral movement activity

Alleged Data Exposure

The threat actor claims to have stolen patient data from Aspire Hospital, though the specific types of data (e.g., medical records, personal identifiable information, financial details) and the total volume of data are not disclosed. The group states it has “tree and samples from stolen data” and is willing to provide two free file decryption attempts to the hospital as proof of compromise. The inclusion of patient data in the claim raises significant concerns under healthcare data protection regulations, including India’s Digital Personal Data Protection Act (DPDPA), if confirmed.

Potential Impact

If the claim is verified, Aspire Hospital could face:

• Operational disruption due to encrypted servers
• Potential data breach notification obligations under Indian law
• Reputational damage and loss of patient trust
• Regulatory penalties for failure to protect sensitive health information
• Possible extortion demands for decryption keys and data deletion

The healthcare sector is particularly vulnerable to ransomware attacks, as any downtime can directly impact patient care and safety.

What to Watch For

• Official statements from Aspire Hospital or Indian cybersecurity authorities (e.g., CERT-In)
• Evidence of data leaks on dark web forums or other channels
• Reports of patient identity theft or fraud linked to the alleged breach
• Updates from Nova’s leak site regarding additional data releases or negotiations

Disclaimer

This report is based on unverified claims made by the Nova ransomware group on a dark web leak site. Yazoul Security has not independently confirmed the attack, data theft, or any associated details. Ransomware groups routinely exaggerate or fabricate claims to pressure victims into paying ransoms. Organizations should treat this information as intelligence requiring further verification. No PII, download links, or access credentials are provided in this report.