Ransomware victim disclosure
← All victimsGranger Medical Clinic
Claimed by NoEscape · listed 3 years ago
Status timeline
- ListedOct 6, 2023
- Data leakeddate unknown
At a glance
- Group
- NoEscape
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Oct 6, 2023
About the victim
AI dossier — public-source company profileGranger Medical Clinic is a multi-specialty outpatient healthcare provider founded in 1954, operating over 20 locations across Utah including Davis, Salt Lake, and Summit counties. The clinic offers a broad range of services including primary care, specialist consultations, urgent care, telehealth, lab and imaging, and clinical trials, with a stated focus on compassionate, patient-centered care.
- Industry
- Outpatient Medical Clinic & Multi-Specialty Healthcare
- Address
- Utah, United States (multiple locations across Utah, including Davis County, Salt Lake County, Summit County)
- Founded
- 1954
Attack summary
Severity: critical — The victim is a multi-location U.S. healthcare provider with a large patient population; data has been confirmed published by the threat actor, strongly indicating exfiltration of regulated medical/PHI data subject to HIPAA, constituting a critical data breach.NoEscape claims to have compromised Granger Medical Clinic and has published data ('data_published' status), indicating exfiltration of patient and/or organizational records from a healthcare provider handling sensitive medical information.
Data the group says was taken
AI dossier — extracted from the leak post- Patient medical records
- Personal health information (PHI)
- Patient contact and demographic data
- Clinical trial data
- Lab and imaging results
- Employee records
- Financial/billing data
What the group claims
Granger Medical Clinic was founded in 1954 by Doctors LaVere Poulsen and Glenn Wilson. The two providers came together with the hope of better serving the Granger community...
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

