Ransomware victim disclosure
← All victimsWelldyne
Claimed by Payoutsking · listed 8 days ago
Status timeline
- ListedJul 7, 2026
- Data leakeddate unknown
At a glance
- Group
- Payoutsking
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Jul 7, 2026
About the victim
AI dossier — public-source company profileWellDyne is a pharmacy benefit management (PBM) company operating in the US healthcare sector. It provides prescription drug management services to health plans, employers, and government programs, offering mail-order pharmacy, specialty pharmacy, clinical programs, and modular pharmacy services through its operating partner HealthDyne.
- Industry
- Pharmacy Benefit Management (PBM)
Attack summary
Severity: high — PBM companies process sensitive healthcare and personally identifiable information (PII) at scale, including prescription and claims data for millions of members. Public disclosure of such data carries significant regulatory and privacy implications under HIPAA and state laws, even without confirmation of specific file counts.The ransomware operator claims to have breached WellDyne and published data. No specific details on encryption status, exfiltration scope, or data categories are provided in the post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- pharmacy claims data
- member information
- prescription records
- health plan data
Original description
AI-summarised, not from the leak postWelldyne is a pharmacy benefit management (PBM) company based in the United States. It provides prescription drug management services to health plans, employers, and government programs. The company focuses on improving medication adherence and controlling prescription costs through its pharmacy network, mail-order pharmacy services, and data-driven clinical programs. Welldyne operates primarily across the US healthcare sector.
Sources
Source
Indexed 8 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

