Ransomware victim disclosure
← All victimsClarke County Hospital
Claimed by Royal · listed 3 years ago
Status timeline
- ListedApr 24, 2023
- Data leakeddate unknown
At a glance
- Group
- Royal
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Apr 24, 2023
About the victim
AI dossier — public-source company profileClarke County Hospital is a critical access hospital located in Osceola, Iowa, serving Clarke County and surrounding rural communities. It provides inpatient, outpatient, emergency, and specialty care services. As a county-owned facility, it serves as the primary healthcare provider for the region.
- Industry
- Critical Access Hospital & Healthcare Services
- Address
- 800 E. Thrasher Street, Osceola, Iowa 50213
- Employees
- 201-500
- Founded
- 1926
Attack summary
Severity: critical — The victim is a healthcare provider subject to HIPAA; data_published status indicates confirmed exfiltration and public release of data likely containing protected health information (PHI) and PII at scale, meeting the critical threshold for regulated sensitive data exposure.The Royal ransomware group claimed an attack on Clarke County Hospital, with the disclosure status recorded as data_published, indicating that exfiltrated data was made publicly available on the group's leak site. No specific ransom amount or data size was captured in the available post.
Data the group says was taken
AI dossier — extracted from the leak post- Patient medical records
- Personally identifiable information (PII)
- Employee records
- Financial records
- Insurance and billing data
- Internal hospital documents
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

