West Pharmaceutical Services Ransomware Attack
West Pharmaceutical Services, a global manufacturer of drug delivery components, experienced a ransomware attack that disrupted shipping, manufacturing, and shared service functions. The company detected the intrusion on May 4, 2026, and made an SEC filing on May 7, 2026, disclosing that some systems were encrypted and data was stolen. The incident was further reported in a threat intelligence report on May 18, 2026.
Signal context
First seen: May 18, 2026
Last updated: Jun 25, 2026
Status: Public signal
Key points
- Ransomware attack detected May 4, 2026.
- SEC filing on May 7, 2026.
- Disrupted shipping, manufacturing, and shared service functions globally.
Signal analysis
BetaThis analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.
Sector: Manufacturing
Likely country: Location not provided
Watch ransomware, endpoint compromise and business interruption exposure.
- Source type: outside the affected organization
Impact area: Availability
- 3 signals in the same sector
- 14 signals with the same likely impact area
- 1 signal linked to this organization/domain
External sources
18th May – Threat Intelligence Report - Check Point Researchhttps://research.checkpoint.com/2026/18th-may-threat-intelligence-report/Public source from research.checkpoint.com.
SWK Technologies May 2026 Cybersecurity News Recaphttps://www.swktech.com/blog/swk-technologies-may-2026-cybersecurity-news-recapPublic source from swktech.com.
7 Data Security Stories to Know About (May 2026)https://www.securitymagazine.com/articles/97697-7-data-security-stories-to-know-about-may-2026Public source from securitymagazine.com.
Related signals
Grouped by why the signal is relevant.
Foxconn Cyberattack
Foxconn, a global electronics manufacturer, confirmed on May 18, 2026, it was hit by a cyberattack on its North American operations after the Nitrogen ransomware group claimed to have stolen 8TB of data. The company acknowledged the attack on May 12, 2026, and confirmed disruption at some factories, with affected facilities resuming normal production.
Tata Electronics Confirms Cyberattack, Alleged Apple and Tesla Manufacturing Data Leaked
Tata Electronics, a key supplier to Apple and Tesla, confirmed a cybersecurity incident after the ransomware group 'World Leaks' claimed to have dumped over 630 GB of data, including alleged manufacturing documents and sensitive files related to Apple and Tesla. The company stated that its operations remained unaffected. Security researchers found references to Apple supplier specifications, Tesla manufacturing documents, employee emails, and passport copies among the leaked data.
Mackay Sugar hit by The Gentlemen ransomware, operations disrupted
Australia's second-largest sugar producer, Mackay Sugar, was targeted in a ransomware attack by The Gentlemen group, disrupting operations at its mills. The ransomware group claimed responsibility and listed Mackay Sugar on its dark web leak site on June 15, 2026.
INC Ransom group leaks Sandhills Medical Foundation patient data
The INC Ransom ransomware group leaked stolen data belonging to Sandhills Medical Foundation patients on June 15, 2026. The breach, which originated from a ransomware attack discovered in May 2025, affected approximately 169,000 individuals, exposing sensitive personal and health information.
Beacon Mutual Insurance Co. Ransomware Attack Compromises 131,000 Rhode Islanders' Data
Beacon Mutual Insurance Co., Rhode Island's largest workers' compensation insurer, disclosed that highly sensitive personal information belonging to over 131,000 Rhode Islanders was compromised in a ransomware attack earlier in the year. An unauthorized person gained access to the company's system between January 7th and January 14th, accessing files containing names, Social Security numbers, driver's license numbers, financial account numbers, health insurance information, and/or medical treatment details.
Tampa Bay Dental Implants & Prosthetics discloses ransomware attack and data exposure
Tampa Bay Dental discovered unauthorized access to its network on January 19, 2026, when ransomware was used to encrypt files on a legacy server containing a backup of electronic medical records. Patient data, including names, contact information, birth dates, treatment notes, clinical histories, and for some, Social Security numbers, was exposed.