Ransomware victim disclosure
← All victimsRocky Mountain Gastroenterology
listed as INTERNAL.ROCKYMOUNTAINGASTRO.COM · Claimed by Trinity · listed 2 years ago
Status timeline
- ListedSep 15, 2024
- Data leakeddate unknown
At a glance
- Group
- Trinity
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Sep 15, 2024
- Data size
- 330 GB
- Ransom demanded
- $60.3M
- Estimated revenue
- $60.3M
About the victim
AI dossier — public-source company profileRocky Mountain Gastroenterology (RMG) is a multi-location gastroenterology practice serving the Denver, Colorado metropolitan area for over 20 years. The practice operates 8+ clinic and endoscopy centers across Denver, Littleton, Aurora, Centennial, Thornton, Westminster, and Lakewood, offering colonoscopy, upper endoscopy, pain management, and comprehensive digestive health services.
- Industry
- Healthcare - Gastroenterology
- Address
- Multiple locations; primary: 355 Union Blvd Suite #200, Lakewood, CO 80228
- Employees
- 51-200
- Founded
- 2000
Attack summary
Severity: critical — Confirmed exfiltration of 330 GB from a healthcare provider; data includes patient medical records and PHI at scale. HIPAA-regulated sensitive data exposure represents critical severity regardless of proof quantity.Trinity claims to have exfiltrated 330 GB of data from Rocky Mountain Gastroenterology. The group published the victim's claimed annual revenue ($60.3M) and data volume, indicating both encryption and data theft.
Data the group says was taken
AI dossier — extracted from the leak post- Patient medical records
- Personal health information (PHI)
- Billing records
- Patient portal data
- Insurance information
- Business operational data
What the group claims
330Gb - Revenue: $60.3 Million - Publication date: 2024-10-16
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

