Seven healthcare organizations have recently been added to the dark web data leak sites of ransomware groups. The addition to a data leak site does not necessarily mean that protected health information has been stolen, and hackers may not be entirely truthful about the extent of the data they have stolen. Generally, it does serve as confirmation of a cyberattack. The HIPAA Journal has not downloaded any of the leaked data, so cannot confirm the accuracy of the groups’ claims.The Everest ransomware group has claimed responsibility for attacks on four healthcare providers and has listed the stolen data when the ransoms were not paid. The attacks have yet to be confirmed by the four healthcare providers.Arlington Occupational Health and Wellness in Texas was added to the group’s data leak site on July 4, 2025, along with samples of the stolen data and links to the full dataset. The group claims to have published a huge variety of documents, including EMRs, test results, patient histories, and billing information.Avantic Medical Lab is a clinical laboratory in Edison, New Jersey that serves hospitals and other healthcare providers in New Jersey, New York, and the Pennsylvania Metro Area. The listing was added to the Everest data leak site on June 10, and the lab was given a week to make contact or risk having data published in full. Everest then leaked the stolen files on July 3, 2025, some of which appear to be patient files containing test results, patient histories, and billing information.PDI Health, a Brooklyn, New York-based mobile diagnostic imaging service provider, is also listed. Everest claims to have stolen more than 373,000 records, including test results, patient histories, and billing information. The listing was added to the data leak site on May 14, 2025, along with samples when contact was not made in the allocated time, and the stolen data was added on June 18, 2025.Balance Diagnostics, a medical diagnostic imaging center in Cedarhurst, New York, was also recently attacked. Everest claims to have stolen more than 31,000 records, including test results, histories, Social Security numbers, birth dates, and billing information. Balance Diagnostics was added to the data leak site on May 6, along with samples of the stolen data. The full dataset was leaked on June 18, 2025.The Rhysida ransomware group has added Florida Hand Center to its data leak site. Florida Hand Center serves patients in Punta Gorda, Port Charlotte, and Fort Myers in Florida. The listing was added on July 8, 2025, and samples of the stolen data have been included in the listing, such as driver’s licenses, insurance claim forms, and medical images. Florida Hand Clinic has been given 7 days to make contact, after which Rhysida claims it will auction the stolen data.Payouts King is a new, closed ransomware group that has conducted at least two attacks on healthcare organizations in the United States: Crenshaw Community Hospital in Luverne, Alabama, and Gateway Community Services, a rehab clinic in Florida. Both healthcare providers were added to the data leak site on June 27, and the data has been leaked. The group claimed to have infiltrated 53 GB of data from Crenshaw Community Hospital, and listed it for download when the ransom was not paid.Payouts King claims to have stolen 890 GB of data from Gateway Community Services, including medical records and identity documents. Gateway Community Services has confirmed that 34,498 individuals were affected by the breach and had their names, addresses, dates of birth, ID documents, Social Security numbers, treatment information, and health insurance information stolen. Gateway Community Services identified the attack on April 11, 2025, and completed its file review on May 16, 2025. The substitute breach notice does not mention ransomware. The affected individuals have been offered complimentary credit monitoring and identity theft protection services, and should avail themselves of those services due to the dark web data leak site listing.The post [Seven Healthcare Organizations Added to Ransomware Groups’ Data Leak Sites](https://www.hipaajournal.com/seven-healthcare-organizations-ransomware-july-2025/) appeared first on [The HIPAA Journal](https://www.hipaajournal.com).
Related Tags:
NAICS: 621 – Ambulatory Health Care Services
NAICS: 62 – Health Care And Social Assistance
NAICS: 623 – Nursing And Residential Care Facilities
NAICS: 622 – Hospitals
Blog: Hipaa Journal
Data from Cloud Storage
Software Discovery: Security Software Discovery
Software Discovery
File and Directory Discovery
Associated Indicators: