Ransomware victim disclosure
← All victimsSt Raphael'S Hospice
Claimed by NoEscape · listed 3 years ago
Status timeline
- ListedOct 31, 2023
- Data leakeddate unknown
At a glance
- Group
- NoEscape
- Status
- Data leaked
- Country
- United Kingdom
- Sector
- Healthcare
- Listed on leak site
- Oct 31, 2023
About the victim
AI dossier — public-source company profileSt Raphael's Hospice is a registered UK charity providing palliative and end-of-life care services to the approximately 401,000 residents of the London Boroughs of Sutton and Merton. Services include inpatient ward care, care at home, emotional support, and wellbeing programmes for patients with life-limiting illnesses and their families. In 2024/25 the hospice recorded 910 referrals and 1,999 Clinical Nurse Specialist visits.
- Industry
- Palliative & Hospice Care
- Address
- London Road, Cheam, Sutton, SM3 9DX, United Kingdom
Attack summary
Severity: critical — The victim is a hospice handling highly sensitive medical and personal data for palliative care patients, a clearly regulated category of health data under UK GDPR/Data Protection Act 2018. The disclosed status is data_published, confirming exfiltration and release of data affecting a vulnerable patient population at scale.NoEscape claims to have attacked St Raphael's Hospice and the disclosure status is listed as data_published, indicating exfiltration and likely publication of data. Given the healthcare context, the data at risk includes sensitive patient and clinical information.
Data the group says was taken
AI dossier — extracted from the leak post- Patient records
- Clinical referral data
- GP and hospital correspondence
- Staff personal data
- Donor and financial records
- Volunteer information
What the group claims
St Raphael's Hospice provides palliative care services for the 401,000 residents of Sutton and Merton. Patients are referred by their GP, Hospital Doctor or Clinical Nurse ...
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

