Ransomware victim disclosure
← All victimsCarespring
Claimed by NoEscape · listed 3 years ago
Status timeline
- ListedNov 14, 2023
- Data leakeddate unknown
At a glance
- Group
- NoEscape
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Nov 14, 2023
About the victim
AI dossier — public-source company profileCarespring is an employee-owned senior living and healthcare operator with 18 communities across the Cincinnati, Dayton, and Northern Kentucky areas. It provides a continuum of care including independent living, assisted living, memory care, skilled nursing and rehabilitation, long-term nursing care, and on-site hemodialysis. The organization emphasizes personalized, community-oriented care for elderly and medically complex residents.
- Industry
- Senior Living & Long-Term Care (Skilled Nursing, Assisted Living, Memory Care)
- Address
- Cincinnati, Dayton, and Northern Kentucky region (multiple facilities across OH and KY); headquarters not explicitly stated
Attack summary
Severity: critical — Carespring is a multi-site healthcare and skilled nursing operator; the disclosed data almost certainly includes regulated patient health information (PHI) and PII for vulnerable elderly residents, constituting a HIPAA-covered breach of sensitive medical data at scale across 18 facilities.The NoEscape ransomware group claims to have attacked Carespring and has published data, indicating exfiltration of sensitive information from a healthcare provider serving elderly patients. The leak post references personal, patient-level information consistent with the company's resident care operations.
Data the group says was taken
AI dossier — extracted from the leak post- Patient personal information
- Resident medical/care records
- Patient family and contact details
- Employee/staff records (likely)
- Healthcare facility operational data
What the group claims
We engage our patients on a personal level. Every patient in our communities is a part of our Carespring family. We get to know them-their stories, their families, what the...
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

