Ransomware victim disclosure
← All victimsInstituto Cardiovascular del Cesar
listed as icvc.co - Instituto Cardiovascular del Cesar · Claimed by Babuk2 · listed 1 year ago
Status timeline
- ListedMar 29, 2025
- Data leakeddate unknown
At a glance
- Group
- Babuk2
- Status
- Data leaked
- Country
- Colombia
- Sector
- Healthcare
- Listed on leak site
- Mar 29, 2025
About the victim
AI dossier — public-source company profileInstituto Cardiovascular del Cesar is a private healthcare organization in Colombia providing medium and high-complexity cardiovascular and general medical services. The facility operates multiple departments including surgical services, dialysis, diagnostic imaging, emergency care, and specialized outpatient consultation, supported by modern infrastructure and emphasis on research and medical education.
- Industry
- Healthcare - Cardiovascular Hospital & Clinic Services
- Address
- Carrera 16 # 16A – 42, Barrio Santana, Valledupar, Colombia
Attack summary
Severity: high — Healthcare provider with confirmed data publication by ransomware group. Exposure of patient medical records at a hospital constitutes exfiltration of regulated PII and sensitive health information, regardless of proof file count disclosed.Babuk2 ransomware group claims to have compromised Instituto Cardiovascular del Cesar and published data. The group's post provides minimal detail on the scope of encryption or exfiltration.
Data the group says was taken
AI dossier — extracted from the leak post- Patient medical records
- Healthcare service data
- Institutional records
What the group claims
icvc.co - Instituto Cardiovascular del Cesar
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

