Ransomware victim disclosure
← All victimsVIP Imaging
listed as vipimaging · Claimed by Dragonforce · listed 4 days ago
Status timeline
- ListedJun 29, 2026
- Data leakeddate unknown
At a glance
- Group
- Dragonforce
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Jun 29, 2026
About the victim
AI dossier — public-source company profileVIP Imaging is a mobile nuclear cardiac imaging company based in Southern California, specializing in PET/CT and SPECT cardiac imaging services for cardiologists. Founded in 2008, the employee-owned company operates mobile imaging units serving 100+ practices nationwide and supports 2,000+ patients monthly, positioning itself as the largest mobile nuclear imaging provider in the region.
- Industry
- Medical Imaging Services & Nuclear Cardiology
- Address
- 1061 N. Shepard St, Unit L, Anaheim, CA 92806
- Founded
- 2008
Attack summary
Severity: critical — Healthcare company with confirmed data exfiltration involving patient medical records and imaging data. Patient health information (PHI) is regulated under HIPAA and constitutes sensitive personally identifiable information at scale, meeting the critical threshold regardless of proof file count.DragonForce claims to have exfiltrated data from VIP Imaging. The post does not specify the scope of data taken or whether encryption occurred, but data has been published as indicated by the 'data_published' disclosure status.
Data the group says was taken
AI dossier — extracted from the leak post- Patient medical imaging records
- Billing and financial data
- Practice partner information
- Operational business records
What the group claims
VIP Imaging is the largest mobile nuclear imaging company in Southern California, specializing in cardiac PET/CT and SPECT studies for cardiologists. The company is employee-owned and prides itself on having the best technicians and technology in the industry, ensuring high-quality patient care and support for proper billing.
Sources
Source
Indexed 4 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

