- Comparitech Stack Report
- Posts
- Ransomware Activity Accelerates in May 2026
Ransomware Activity Accelerates in May 2026
⚡ Weekend Threat Brief
Anubis Claims Responsibility for Singing River Health System Breach
The ransomware group Anubis has claimed responsibility for a breach at Singing River Health System (SRHS) in Mississippi, an incident that the healthcare provider previously disclosed in May. SRHS reported that an unauthorized party accessed its systems between December 19 and 21, 2025, affecting 53,888 individuals. Exposed data includes Social Security numbers, bank account details, medical records, insurance information, provider names, and treatment records. Anubis alleges it stole 293 GB of data comprising more than 1.2 million files and published sample images as proof, including sensitive medical photographs. SRHS has not confirmed the group's claims, and the full scope of the breach remains under investigation. This marks another cybersecurity challenge for the healthcare provider, which has previously faced ransomware-related incidents and fallout from the Change Healthcare attack.
Takeaways:
Anubis claims to have stolen 293 GB of data and more than 1.2 million files from SRHS.
The breach exposed highly sensitive patient, financial, and healthcare information.
Healthcare organizations remain attractive targets due to the value of medical records and the urgency of clinical operations.
Repeat incidents highlight the importance of continuous monitoring, network segmentation, and strong incident response planning.
Third-party breaches and direct attacks continue to create layered cybersecurity risks for healthcare providers.
🎯 Tactical Playbook
What a Year of AI Red Teaming Taught Microsoft About Agentic AI Risks
Microsoft has updated its taxonomy of failure modes for agentic AI systems after a year of red-teaming exercises. The company found that AI agents introduce new risk categories beyond traditional AI concerns because they can make decisions, execute tasks, and interact with external systems. The revised framework highlights risks such as unintended actions, excessive autonomy, instruction manipulation, and harmful interactions with connected tools. For security teams exploring AI-powered automation, the report offers a practical framework for evaluating risks before deployment.
Key Takeaways:
Agentic AI introduces operational risks that differ from those found in traditional AI models.
Security testing should focus on actions an AI agent can perform, not just the content it generates.
Organizations need clear guardrails, permissions, and monitoring for AI agents.
Red-teaming should become a standard part of AI governance programs.
🛡️ Research Watch
Ransomware Activity Accelerates in May 2026
Comparitech researchers recorded 661 ransomware attacks in May 2026, a modest increase of just over 3 percent compared to April's 640 incidents. While activity remained below the levels seen during the first quarter of the year, the data reveals notable shifts in targeting patterns across industries. Education experienced one of the sharpest increases, with attacks rising 54 percent month-over-month. Food and beverage organizations, retailers, transportation firms, and technology companies also saw substantial growth in ransomware activity. Meanwhile, healthcare providers and utility companies recorded meaningful declines, suggesting threat actors may be redirecting their efforts toward sectors perceived as having weaker defenses or greater opportunities for disruption.
🧩 Tool Tip of the Week
Use Atera’s Automation Profiles to Reduce Alert Fatigue
Organizations using Atera for endpoint management can significantly reduce manual effort by taking advantage of Automation Profiles. These profiles allow administrators to schedule routine maintenance tasks such as patch deployment, disk cleanup, software updates, and system health checks across multiple devices. Rather than responding to recurring issues one machine at a time, teams can automate preventive maintenance and focus on higher-priority incidents. For environments monitoring large numbers of HP servers, workstations, and network devices, automation can help maintain performance while reducing technician workload.
🗣️ Community Signal
Cybersecurity is not about breaking systems; it is about understanding how systems work, identifying weaknesses responsibly, and helping make technology safer for everyone. - Harsh Vardhan
🗳️ Your Take - The Results

|
Until Monday’s edition - Let’s keep that zero-day count at zero!