Ransomware victim disclosure
← All victimsMedical University of the Americas
Claimed by Nokoyawa · listed 3 years ago
Status timeline
- ListedMay 23, 2023
- Data leakeddate unknown
At a glance
- Group
- Nokoyawa
- Status
- Data leaked
- Country
- Canada
- Sector
- Healthcare
- Listed on leak site
- May 23, 2023
About the victim
AI dossier — public-source company profileMedical University of the Americas (MUA) is a private, for-profit offshore medical school located in Charlestown, Nevis, owned by R3 Education, Inc. It offers MD and pre-medical programs primarily to students from the US and Canada, with basic science coursework on the Nevis campus and clinical rotations in North America. MUA has been operating for over 25 years and holds accreditation from the Accreditation Commission on Colleges of Medicine (ACCM).
- Industry
- Medical Education (Offshore Medical School)
- Address
- Charlestown, Nevis, Saint Kitts and Nevis
Attack summary
Severity: critical — The victim is a medical university handling regulated PII at scale, including student academic, financial aid, and admissions records for US and Canadian nationals; data has been confirmed published by the threat actor, indicating successful exfiltration of sensitive personal and potentially financial data.The Nokoyawa ransomware group claims to have attacked Medical University of the Americas and has published data as part of a disclosed leak, indicating exfiltration of institutional data; the post does not specify encryption or the precise volume of data exfiltrated.
Data the group says was taken
AI dossier — extracted from the leak post- Student records
- Faculty and administration data
- Financial aid and tuition records
- Admissions records
- Academic records
What the group claims
Medical University of the Americas (MUA) is a private for-profit offshore medical school in Charlestown, Nevis. It is owned by R3 Education, Inc. which also owns St. Matthew's University and the Saba University School of Medicine Students at MUA are primarily from the US and Canada and return to...
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

