Ransomware victim disclosure
← All victimsClarinda Regional Health Center
listed as clarindahealth.com · Claimed by LockBit · listed 7 months ago
Status timeline
- ListedDec 19, 2025
- Data leakeddate unknown
At a glance
- Group
- LockBit
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Dec 19, 2025
About the victim
AI dossier — public-source company profileClarinda Regional Health Center (CRHC) is an award-winning regional hospital and health system located in Clarinda, Iowa. It provides a broad range of medical, surgical, rehabilitative, and behavioral health services across multiple clinic locations in southwest Iowa, including facilities in Villisca, Bedford, and Clarinda. The organization operates as a patient-centered community health center offering emergency medicine, specialty care, therapy services, pharmacy, and more.
- Industry
- Regional Healthcare & Hospital Services
- Address
- 220 Essie Davison Dr, Clarinda, IA 51632
Attack summary
Severity: critical — The victim is a regional healthcare provider handling regulated PHI and sensitive medical data including mental health records; data has been published ('data_published' status), confirming exfiltration of regulated health information at scale under HIPAA jurisdiction.LockBit claims to have attacked Clarinda Regional Health Center, with the disclosure status indicating data has been published. The group's post references the organization's medical and rehabilitative services, suggesting exfiltration of sensitive healthcare-related data.
Data the group says was taken
AI dossier — extracted from the leak post- Patient medical records
- Personal health information (PHI)
- Billing and financial records
- Employee records
- Mental and behavioral health records
- Administrative documents
What the group claims
CRHC offers an array of medical and rehabilitative services, including respiratory therapy, physical...
Sources
- Victim siteclarindahealth.com
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

