Ransomware victim disclosure

Capital Family Physicians

Claimed by cmdorganization · listed 5 days ago

Age

since listed · data leaked

Status timeline

Listed
May 29, 2026
Data leaked

At a glance

Group: cmdorganization
Status: Data leaked
Country: US
Sector: Healthcare
Listed on leak site: May 29, 2026

About the victim

AI dossier — public-source company profile

Capital Family Physicians is a family medicine practice in Raleigh, NC offering comprehensive primary care for all ages, with particular emphasis on pediatric services. Established over 15 years ago, the practice provides same-day appointments and operates a patient portal for medical records and billing access.

Industry: Primary Care & Family Medicine
Address: 2417 Atrium Drive Suite 201, Raleigh, NC 27607
Founded: 2009

Attack summary

Severity: high — Healthcare provider with confirmed data disclosure (status: data_published); likely exfiltration of PHI including medical records and patient PII, which is regulated under HIPAA and represents sensitive personal health data at scale typical of a multi-provider practice.

The cmdorganization group claims to have breached Capital Family Physicians but provides no details on the nature of the attack (encryption, exfiltration, or both) or specific data categories affected in the leak post.

high

Data the group says was taken

AI dossier — extracted from the leak post

patient medical records
billing information
personal health information (PHI)

What the group claims

Capital Family Physicians provides quality healthcare services for families, focusing on comprehensive care for all ages. They offer same-day appointments and a patient portal for convenient access to medical records and billing. The practice emphasizes pediatric services, ensuring that children's health is prioritized. With over 15 years of experience, they are dedicated to supporting patients through every stage of life.

Sources

Victim sitewww.capitalfamilymd.com

Source

Indexed 5 days ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.

Is this your supplier? Your competitor? You?

Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

Disclosure context

About cmdorganization

Based on the limited available information, cmdorganization is an obscure ransomware group first observed in May 2026 with only three documented victims to date, suggesting either a newly emerged threat actor or a small-scale operation with primarily financial motivations. The group's targeting pattern shows a geographic focus on Canada, the United States, and Italy, with a sectoral preference for healthcare and construction industries, though the limited victim count makes it difficult to establish definitive targeting criteria. Due to the recent emergence and low victim count, there is insufficient publicly documented information from major cybersecurity firms or law enforcement agencies regarding their specific attack methodologies, encryption techniques, or operational structure. No notable high-profile campaigns or significant ransoms have been publicly reported for this group, likely due to their limited operational scope and recent emergence. Current intelligence suggests the group remains active but operates at a relatively small scale compared to established ransomware families. The group has been linked to 18 public disclosures across our corpus. First observed on a leak site on May 2, 2026; most recent post June 3, 2026. The operation is currently active.

Timeline of this disclosure

May 29, 2026Capital Family Physicians listed by cmdorganizationon the group's public leak site

Sector and geography

This disclosure adds to ransomware activity in the Healthcare sector, which has 1,780 disclosures indexed across all operators we track. Geographically, Capital Family Physicians is reported in US, a country with 2,714 ransomware disclosures in our corpus.

How we know this. Darkfield monitors public ransomware leak sites continuously, archiving every new disclosure and the data later released against the victim. Each entry on this page is sourced from the operator's own publication and cross-checked against complementary OSINT feeds (RansomLook, ransomware.live, RansomWatch). We do not collect or host stolen data — only the metadata, timestamps and screenshots needed to make the public disclosure searchable and accountable. Records here are corrected when the original post is edited, retracted, or merged with another disclosure.