Ransomware victim disclosure
← All victimsGraceworks Lutheran Services
Claimed by Royal · listed 3 years ago
Status timeline
- ListedMar 23, 2023
- Data leakeddate unknown
At a glance
- Group
- Royal
- Status
- Data leaked
- Country
- United States
- Sector
- Non-Profit
- Listed on leak site
- Mar 23, 2023
- Data size
- 45 GB
- Records
- 486.880 Files
About the victim
AI dossier — public-source company profileGraceworks Lutheran Services is a nonprofit organization founded in 1926 and headquartered in Dayton, Ohio, dedicated to supporting older adults and individuals with disabilities. Its services include assisted living (Bethany Village), in-home nursing and therapy, disability support, enhanced living programs, and hospice care. The organization operates across multiple program lines and has served the greater Dayton community for nearly a century.
- Industry
- Nonprofit Senior Care & Social Services
- Address
- 6430 Inner Mission Way, Dayton, OH 45459
- Founded
- 1926
Attack summary
Severity: critical — The group claims confirmed exfiltration of 45 GB of clinical patient records (regulated health/PII data under HIPAA) at scale (~486,880 files), combined with financial, HR, and executive communications data, and the disclosure status is 'data_published', indicating the data has already been released publicly.The Royal ransomware group claims to have exfiltrated approximately 45 GB comprising 486,880 files, including clinical patient records, full financial audits dating back to 1995, top management email contents, HR and employee documents, and accounting records, with data stated as already published.
Data the group says was taken
AI dossier — extracted from the leak post- Clinical patient records (personal information)
- Financial audits (1995–present)
- Top management email contents
- Employee documents
- HR records
- Accounting records
- Unspecified documents referencing political figures
What the group claims
Founded in 1929, Graceworks Lutheran Services is a lutheran social services organization that operates assisted living facilities. Do not be surprised that the company is engaged in charity - it's just a front. Maybe they are involved in money laundering - who knows...We have at our disposal the contents of all email addresses of the top management, full financial audits from 1995 to the present, 45GB or 486,880 Files of personal patients information (clinical) and even documents related to President Biden - very entertaining. Beside this, we have finance, employee documents, accounting, HR and much more others.Enjoy!
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

