Charity Under Siege: Tengu Ransomware Targets Saudi Health Nonprofit

In the shadowy world of cybercrime, even those dedicated to saving lives aren’t immune. This week, the notorious Tengu ransomware group struck a new target: SEHA Qassim, the Health Services Association in Saudi Arabia’s Qassim region. As the digital dust settles, questions swirl about the safety of organizations at the heart of community well-being - and what this latest attack signals for global non-profits.

Fast Facts

• Victim: SEHA Qassim, a Saudi non-profit health and social services provider
• Attacker: Tengu ransomware group
• Incident discovered: January 14, 2026
• Nature of attack: Data breach and ransomware leak
• Impact: Potential exposure of sensitive health and social service data

The attack was first flagged by watchdog site ransomware.live, which tracks publicly posted victim lists from ransomware groups. The Tengu collective, known for their aggressive tactics and high-profile breaches, added SEHA Qassim to their roster on January 14, 2026. While the full scale of the breach remains unclear, the symbolic impact is undeniable: a non-profit health organization - tasked with caring for society’s most vulnerable - has been thrust into the crosshairs of global cyber extortion.

SEHA Qassim operates as a charitable foundation, providing medical and social support in the Qassim region of Saudi Arabia. The organization’s official website (seha.org.sa) is a vital resource for thousands seeking aid. Now, it’s also a stark reminder of how cybercriminals are willing to exploit even humanitarian institutions for profit.

Ransomware attacks like this typically involve hackers infiltrating an organization’s network, encrypting data, and demanding payment for its release. In many cases, attackers also threaten to leak sensitive information if their demands aren’t met - a tactic that can have devastating consequences for organizations handling personal health data. Tengu’s method aligns with this “double extortion” trend, where the threat of public exposure amplifies the pressure to pay.

The breach raises urgent questions about the digital defenses of non-profits and healthcare providers in the Middle East and beyond. These organizations often lack the IT budgets of their corporate counterparts, making them attractive targets for cybercriminals. Yet, the data they hold - medical histories, social records, donor information - is highly sensitive and, in the wrong hands, potentially catastrophic.

As the investigation unfolds, there is an immediate need for transparency and support. Cybersecurity experts warn that such attacks are likely to increase, especially as ransomware groups grow bolder and more organized. For SEHA Qassim and similar organizations worldwide, this incident is a wake-up call: in today’s threat landscape, no target is off-limits.

The Tengu attack on SEHA Qassim is a chilling reminder that cybercrime’s reach knows no moral boundaries. As non-profits and critical service providers scramble to secure their digital frontlines, the world must reckon with a new reality - where even the guardians of public health are forced to defend against invisible, relentless adversaries.

WIKICROOK

• Ransomware: Ransomware is malicious software that encrypts or locks data, demanding payment from victims to restore access to their files or systems.
• Double extortion: Double extortion is a ransomware tactic where attackers both encrypt files and steal data, threatening to leak the data if the ransom isn’t paid.
• Data breach: A data breach is when unauthorized parties access or steal private data from an organization, often leading to exposure of sensitive or confidential information.
• Non: A non-human identity is a digital credential used by software or machines, not people, to securely access systems and data.
• Cyber extortion: Cyber extortion is when attackers demand payment by threatening to release, destroy, or block access to digital data or systems.