Ransomware victim disclosure
← All victimsClínica Dávila
Claimed by Devman · listed 7 months ago
Status timeline
- ListedDec 22, 2025
- Data leakeddate unknown
At a glance
- Group
- Devman
- Status
- Data leaked
- Country
- Chile
- Sector
- Healthcare
- Listed on leak site
- Dec 22, 2025
About the victim
AI dossier — public-source company profileClínica Dávila is a private hospital and clinical facility based in Chile (domain: davila.cl). It provides a range of medical and diagnostic services to patients, including laboratory testing. It is one of the larger private healthcare providers in Santiago, Chile.
- Industry
- Healthcare — Hospital & Clinical Services
Attack summary
Severity: critical — Confirmed exfiltration and publication of highly sensitive regulated medical data at scale, including HIV status — among the most sensitive categories of personal health information — combined with PII (IDs) of patients, constituting a critical breach of patient privacy with potential for serious real-world harm.The group 'devman' claims to have exfiltrated patient records including full personal records, HIV test results, and identification documents, and states that data has been published following an extended negotiation period during which the clinic did not respond.
Data the group says was taken
AI dossier — extracted from the leak post- Patient full medical records
- HIV test results
- Government-issued identification documents
What the group claims
Patients' full records, HIV test results, IDs. Throughout a long waiting period, and despite a vast number of phone calls and emails sent by our team to the hospital, we have seen no action from the clinic to resolve the issue - knowing that the HIV tests could potentially change the lives of people whose relatives, friends, and workplaces will...
Sources
- Victim sitedavila.cl
- Leak posthttp://devmanblggk7ddrtqj3tsocnayow3bwnozab2s4yhv4shpv6ueitjzid.onion
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

