Ransomware victim disclosure
← All victimsHeritage Communities
Claimed by Worldleaks · listed 9 months ago
Status timeline
- ListedOct 9, 2025
- Data leakeddate unknown
At a glance
- Group
- Worldleaks
- Status
- Data leaked
- Country
- United States
- Listed on leak site
- Oct 9, 2025
About the victim
AI dossier — public-source company profileHeritage Communities is a senior living operator headquartered in Nebraska, USA, with communities across Nebraska, Iowa, Arizona, Texas, Missouri, and Kansas. The company offers independent living, assisted living, memory care, respite and recovery stays, and adult day services. It operates more than 20 named communities under the Heritage, Orchard Pointe, and SageGrove brands.
- Industry
- Senior Living & Long-Term Care
Attack summary
Severity: critical — Heritage Communities serves elderly and vulnerable residents receiving medical and personal care services; a confirmed data publication by a ransomware group almost certainly involves regulated PII and protected health information (PHI) at scale for residents across multiple states, meeting the threshold for critical severity.The worldleaks group claims to have obtained and published data from Heritage Communities, with the site indicating a '2025 Data Incident'; the disclosure status is listed as data_published, suggesting exfiltration of company and/or resident data has occurred.
Data the group says was taken
AI dossier — extracted from the leak post- Resident personal information
- Health and care records
- Employee records
- Financial data
- Internal business documents
Original description
AI-summarised, not from the leak postHeritage Communities is a senior living service provider based in Nebraska, USA. Offering services like independent living, assisted living, memory care, respite care and adult day services, the company enables seniors to live a fulfilling life filled with comfort, choice, and independence. It prides itself on providing high-quality care while honoring the individuality and heritage of each resident.
Sources
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

