Ransomware victim disclosure
← All victimsFortis Healthcare
listed as fortishealthcare.com · Claimed by LockBit · listed 7 months ago
Status timeline
- ListedDec 31, 2025
- Data leakeddate unknown
At a glance
- Group
- LockBit
- Status
- Data leaked
- Country
- India
- Sector
- Healthcare
- Listed on leak site
- Dec 31, 2025
About the victim
AI dossier — public-source company profileFortis Healthcare operates a network of hospitals across India, including Fortis Hospital on Bannerghatta Road, Bengaluru, which is a 284-bed tertiary care facility. The hospital is described as well-equipped and provides a range of medical and surgical services. Fortis Healthcare is one of India's leading integrated healthcare delivery service providers.
- Industry
- Hospital & Healthcare Services
- Address
- Bannerghatta Road, Bengaluru, India
Attack summary
Severity: critical — The victim is a hospital (healthcare sector), data has been published (confirmed exfiltration), and a 284-bed hospital would hold large volumes of regulated sensitive data including patient PII and medical records, qualifying as critical under healthcare data exposure criteria.LockBit claims to have attacked Fortis Hospital, Bannerghatta Road, Bengaluru, with the disclosure status marked as data_published, indicating exfiltration and likely publication of data. The specific categories of data at stake are not fully detailed in the truncated post.
Data the group says was taken
AI dossier — extracted from the leak post- Patient records
- Hospital operational data
- Staff information
What the group claims
Fortis Hospital, Bannerghatta Road, Bengaluru, is a 284-bed hospital, well equipped with state-of-...
Sources
- Victim sitefortishealthcare.com
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

