Rehabilitation Under Siege: Play Ransomware Hits Landmark Rehab Group

In the early hours of February 26, 2026, an unsettling message rippled through the cyber threat monitoring community: Landmark Rehab Group, a healthcare provider specializing in rehabilitation services, had been singled out by the Play ransomware group. The group, infamous for high-profile attacks and public data leaks, brazenly announced their latest victim on their leak site, putting another medical institution in the crosshairs of ransomware extortion.

Fast Facts

• Landmark Rehab Group targeted by Play ransomware group.
• Attack discovered and reported on February 26, 2026.
• Incident highlights ongoing threats to healthcare providers.
• Play group known for public data leak extortion tactics.

Healthcare in the Crossfire

The attack on Landmark Rehab Group is the latest in a disturbing trend: ransomware gangs targeting healthcare providers, disrupting critical services, and endangering sensitive patient information. Play, a ransomware operation that emerged in 2022, has quickly built a reputation for targeting organizations across multiple sectors, with healthcare remaining a prime target due to its perceived vulnerability and the high stakes involved.

Ransomware.live, a platform that tracks ransomware incidents, flagged the attack, noting Play’s public leak of the victim’s identity. While the specifics of the breach - such as the volume of data stolen or whether operations were halted - remain undisclosed, the public naming alone serves as a powerful extortion tactic. The threat: pay up, or risk the exposure of confidential information.

The technical details behind Play’s attacks often involve exploiting unpatched vulnerabilities, phishing campaigns, or weak remote access controls. Once inside, the group encrypts critical files and exfiltrates sensitive data, using the threat of public leaks as leverage in ransom negotiations. The group’s operations are meticulously organized, with leak sites serving as both a warning to victims and a marketing tool to intimidate future targets.

This incident also underscores the broader risks facing healthcare organizations, many of which operate with limited cybersecurity resources. The consequences of such attacks can be dire: not only financial loss, but also compromised patient care and erosion of public trust.

Conclusion: A Growing Threat

As ransomware groups like Play continue to evolve, the healthcare sector remains alarmingly exposed. The attack on Landmark Rehab Group is a stark reminder that cybercriminals are undeterred by the essential nature of medical services. For patients and professionals alike, the stakes have never been higher - making resilience, vigilance, and investment in cybersecurity more urgent than ever.

WIKICROOK

• Ransomware: Ransomware is malicious software that encrypts or locks data, demanding payment from victims to restore access to their files or systems.
• Leak Site: A leak site is a website where cybercriminals post or threaten to post stolen data to pressure victims into paying a ransom.
• Phishing: Phishing is a cybercrime where attackers send fake messages to trick users into revealing sensitive data or clicking malicious links.
• Exfiltration: Exfiltration is the unauthorized transfer of sensitive data from a victim’s network to an external system controlled by attackers.
• Vulnerability: A vulnerability is a weakness in software or systems that attackers can exploit to gain unauthorized access, steal data, or cause harm.