Ransomware victim disclosure
← All victimsMedicalfile
listed as Medical File · Claimed by Killsec · listed 1 year ago
Status timeline
- ListedFeb 20, 2025
- Data leakeddate unknown
At a glance
- Group
- Killsec
- Status
- Data leaked
- Country
- Mexico
- Sector
- Healthcare
- Listed on leak site
- Feb 20, 2025
About the victim
AI dossier — public-source company profileMedicalfile is a Mexican healthcare software company offering an electronic medical record (EMR) system designed for physicians and clinics. The platform enables voice-to-text clinical documentation, unlimited document/image storage, and patient management via web and mobile (online/offline modes). Founded in 2015, the company operates primarily in Mexico.
- Industry
- Healthcare IT / Electronic Medical Records
- Founded
- 2015
Attack summary
Severity: high — EMR platform serving healthcare providers in Mexico; exfiltration of medical records and patient clinical data constitutes confirmed exposure of sensitive regulated health information (HIPAA-equivalent concern). Scale and specific proof details unknown but the nature of the asset is inherently high-risk.The killsec group claims to have accessed and published data from Medicalfile. The post references 'El expediente clínico más innovador del mercado' (the most innovative clinical record on the market), suggesting exfiltration of clinical or business data from the platform.
Data the group says was taken
AI dossier — extracted from the leak post- Electronic medical records
- Patient clinical data
- Clinical documentation
- Patient images/documents
What the group claims
El expediente clínico más innovador del mercado
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

