Ransomware victim disclosure
← All victimsLenmed Private Hospitals
listed as lenmed.co.za · Claimed by Darkvault · listed 2 years ago
Status timeline
- ListedAug 13, 2024
- Data leakeddate unknown
At a glance
- Group
- Darkvault
- Status
- Data leaked
- Country
- South Africa
- Sector
- Healthcare
- Listed on leak site
- Aug 13, 2024
About the victim
AI dossier — public-source company profileLenmed Private Hospitals is a Southern African healthcare group operating private hospitals across South Africa, Botswana, and Mozambique. Founded in 1984 with the first clinic in Lenasia (now Ahmed Kathrada Private Hospital), the group operates multiple specialized hospitals and employs over 80 specialist medical practitioners, providing acute care, rehabilitation, and specialized medical services.
- Industry
- Private Healthcare & Hospital Services
- Founded
- 1984
Attack summary
Severity: critical — Healthcare provider with patient data exposure affecting a multi-hospital network across three countries. Confirmed data publication by ransomware group with likely exposure of sensitive patient medical records and PII at scale.Darkvault claims to have compromised Lenmed Private Hospitals' systems and exfiltrated data. The group has published data related to the breach, though specific details of what data was accessed are not detailed in the leak post excerpt provided.
Data the group says was taken
AI dossier — extracted from the leak post- patient records
- hospital operational data
- medical practitioner information
- administrative records
What the group claims
Lenmed Hospitals are deeply rooted in the historical landscape of Southern Africa. They have provided exceptional private care to the communities they serve for over three decades. The first Lenmed Clinic in Lenasia, which opened its doors in 1984, is now the Ahmed Kathrada Private Hospital. With state-of-the-art facilities and over 80 specialist medical practitioners, it stands proudly today as a testament to Lenmed’s excellence in clinical care.
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

