Ransomware victim disclosure
← All victimsHopital La Rabta
Claimed by Devman · listed 7 months ago
Status timeline
- ListedDec 12, 2025
- Data leakeddate unknown
At a glance
- Group
- Devman
- Status
- Data leaked
- Country
- Tunisia
- Sector
- Healthcare
- Listed on leak site
- Dec 12, 2025
About the victim
AI dossier — public-source company profileHôpital La Rabta is a major public teaching hospital located in Tunis, Tunisia, operated under the Tunisian Ministry of Health. It provides a broad range of medical services including surgery, specialty medicine, emergency care, and outpatient services to the Tunisian population. It is one of the largest and most prominent hospitals in Tunisia.
- Industry
- Public Hospital & Healthcare Services
- Address
- Rue Jebel Lakhdar, Bab Saadoun, Tunis, Tunisia
Attack summary
Severity: critical — The victim is a major public hospital; any confirmed data publication from a healthcare institution implies exposure of regulated sensitive data including patient PII and medical records at scale, meeting the critical threshold.The group 'devman' claims to have disclosed data from Hôpital La Rabta, with the post marked as data_published, indicating exfiltration and publication of hospital data. The specific nature and volume of the exfiltrated data are not detailed in the leak post.
Data the group says was taken
AI dossier — extracted from the leak post- Patient records
- Medical records
- Hospital administrative data
- Staff information
Original description
AI-summarised, not from the leak postHopital La Rabta is a major hospital located in Tunis, Tunisia. It provides a wide array of medical services to the Tunisian population. The hospital prides itself on its team of highly skilled and dedicated medical professionals who utilize advanced medical equipment to effectively diagnose and treat diseases. It offers surgical services, specialty medicine, emergency care, and outpatient services.
Sources
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

