Americans Indicted for BlackCat Ransomware Attacks on Healthcare Organizations

March 15, 2026HIPAA News Today0

Two U.S. citizens were indicted for conducting ransomware attacks connected to the BlackCat ransomware operation while employed at cybersecurity firms.

Individuals Charged in BlackCat Ransomware Scheme

Federal prosecutors indicted Ryan Clifford Goldberg and Kevin Tyler Martin for their alleged involvement in ransomware attacks targeting organizations, including HIPAA-covered entities, in the United States. A third individual is suspected of participation in the scheme but was not included in the indictment.

Ryan Clifford Goldberg worked as an incident response professional at the cybersecurity firm Sygnia. Kevin Tyler Martin worked as a ransomware threat negotiator at the Chicago-based cyber threat intelligence and incident response company DigitalMint. The unidentified co-conspirator also worked at DigitalMint as a ransomware negotiator.

Prosecutors allege the individuals conducted ransomware attacks while employed at their respective cybersecurity companies.

Alleged Criminal Activity

The indictment alleges that the defendants conspired to obtain money through ransomware attacks targeting organizations in the United States. The alleged conduct involved breaching company networks, stealing data, encrypting files with ransomware, and demanding cryptocurrency payments.

One attack referenced in the case involved a medical device company that was targeted on or around May 13, 2023. The attackers issued a ransom demand of $10 million.

Goldberg later stated that he had been recruited into the scheme by the unnamed co-conspirator and said the attacks were carried out to address personal debt. He also indicated that three members of the group each received approximately $200,000 from the attack. Martin denies involvement in the alleged scheme.

Law Enforcement Investigation

Federal authorities conducted investigative actions connected to the case in 2025. The Federal Bureau of Investigation searched the residence of the unnamed co-conspirator in April 2025. The Federal Bureau of Investigation interviewed Goldberg on the following month and initially denied involvement.

The two defendants were formally indicted on October 2, 2025. Charges listed in the indictment include conspiracy to interfere with interstate commerce by interference with interstate commerce, extortion, and deliberate damage to a secured computer.

Status of the Defendants

Kevin Tyler Martin was released on a $400,000 bond after the indictment. The bond conditions prohibit him from working in cybersecurity prior to trial.

Statements from the companies connected to the defendants indicate that the alleged activities occurred outside company systems and infrastructure. DigitalMint stated that no client data was compromised in the incident and that none of the individuals connected to the scheme have been employed at the company for more than four months.

There is no indication that either Sygnia or DigitalMint was aware of the alleged attacks.

Ransomware Operation Context

The ransomware used in the alleged attacks was associated with the BlackCat operation, which has been used in attacks targeting organizations in the United States.

About Thomas Brown
Thomas Brown worked as a reporter for several years on ComplianceHome. Thomas is a seasoned journalist with several years experience in the healthcare sector and has contributed to healthcare and information technology news publishers. Thomas has a particular interest in the application of healthcare information technology to better serve the interest of patients, including areas such as data protection and innovations such as telehealth. Follow Thomas on X https://x.com/Thomas7Brown

ComplianceHome is a registered trademark. Copyright © 2026 ComplianceHome. All rights reserved.