Ransomware victim disclosure
← All victimsQuigley Eye Specialists
listed as quigleyeye.com · Claimed by Cactus · listed 1 year ago
Status timeline
- ListedMar 3, 2025
- Data leakeddate unknown
At a glance
- Group
- Cactus
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Mar 3, 2025
- Ransom demanded
- $33.6M
- Estimated revenue
- $33.6M
About the victim
AI dossier — public-source company profileQuigley Eye Specialists is a medical and surgical eye care practice based in Florida specializing in diagnosis and treatment of vision disorders including cataracts, glaucoma, diabetic retinopathy, and corneal conditions. Operating across multiple Southwest Florida locations, the practice has recently merged with Eye Centers of Florida to form The Eye Associates. The organization provides comprehensive eye care services including LASIK, routine eyecare, and surgical procedures.
- Industry
- Ophthalmology & Eye Care Services
- Address
- 675 Piper Blvd Unit 1, Naples, Florida, 34110, United States
Attack summary
Severity: critical — Confirmed exfiltration and publication of regulated healthcare data at scale including patient medical records, PII (identification documents), and employee personal information. Medical records are HIPAA-protected, making this a breach of sensitive regulated data affecting both patients and employees.Cactus claims to have encrypted systems and exfiltrated employee and patient personally identifiable information, medical records, database backups, corporate documents, financial records, and confidential correspondence. The group published proof files including patient identification documents and internal communications.
Data the group says was taken
AI dossier — extracted from the leak post- employee personal identifiable information
- patient personal identifiable information
- medical records
- database backups
- financial documents
- corporate internal documents
- confidential correspondence
- identification documents (passports, driver's licenses)
The group's post references roughly 5 proof files.
What the group claims
<p>Hospitals & Physicians Clinics.<br><br>“Quigley Eye Specialists is a Florida medical and surgical practice specializing in the diagnosis and treatment of vision disorders. We provide the highest quality eye care available for cataracts, glaucoma, diabetic retinopathy, cornea conditions, dry eyes, and droopy eyelids using state-of-the-art technology.”<br><br>Website: <a href="https://quigleyeye.com/">https://quigleyeye.com/</a><br><br>Revenue : $33.6M<br><br>Address: 675 Piper Blvd Unit 1, Naples, Florida, 34110, United States<br><br>Phone Number: (239) 594-7636<br><br><mark class="marker-yellow"><strong>Download link #1:</strong></mark> <a href="https://6wuivqgrv2g7brcwhjw5co3vligiqowpumzkcyebku7i2busrvlxnzid.onion/EHFM/PROOF/">https://6wuivqgrv2g7brcwhjw5co3vligiqowpumzkcyebku7i2busrvlxnzid.onion/EHFM/PROOF/</a><br><br><mark class="marker-yellow"><strong>Mirror:</strong></mark> <a href="https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/EHFM/PROOF/">https://cactus5dqnqkppa5ayckiyk6dttpqwczdqphv5mxh4dkk5ct544q5aad.onion/EHFM/PROOF/</a><br><br><mark class="marker-yellow"><strong>DATA DESCRIPTIONS:</strong></mark> Employees and patients personal identifiable information, database backups, corporate internal documents, medical records, financial documents, corporate and personal confidential correspondence, etc.</p><p><img src="/uploads/G_Garcia_Passport_0cddec2dbd.png" alt="G Garcia Passport.png"><img src="/uploads/Drivers_license_5e770d6b14.png" alt="Drivers license.png"><img src="/uploads/K_Memoli_Disclosure_for_Background_2019_d3de75c8ec.png" alt="K Memoli Disclosure for Background 2019.png"><img src="/uploads/498801_Nyanudor_Likplim_20231006105025_a9d76c0071.png" alt="498801_Nyanudor_Likplim_20231006105025.png"><img src="/uploads/Dr_Sofinksi_Patient_Complaints_9a97b70183.png" alt="Dr. Sofinksi Patient Complaints.png"></p>
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

