Ransomware victim disclosure
← All victimsErgoMed
Claimed by Thegentlemen · listed 2 days ago
Status timeline
- ListedJul 1, 2026
- Data leakeddate unknown
At a glance
- Group
- Thegentlemen
- Status
- Data leaked
- Country
- United Kingdom
- Sector
- Healthcare
- Listed on leak site
- Jul 1, 2026
About the victim
AI dossier — public-source company profileErgoMed Work Systems is a US-based occupational health and employment testing company founded in 1992. They provide physical demand simulation testing, musculoskeletal evaluations, post-offer employment screening, fitness-for-duty testing, drug screening, and wellness programs to help employers reduce workplace injuries and workers' compensation costs.
- Industry
- Occupational Health & Employment Screening Services
- Founded
- 1992
Attack summary
Severity: medium — Disclosed status is 'data_published' suggesting exfiltration occurred, but no proof files are advertised, no specific data inventory is detailed in the post, and the company handles employment screening and health testing data which, while sensitive, is not typically classified as highly regulated PII at the scale of medical records or financial data. The vague nature of the claim limits confidence in impact.The group claims to have accessed ErgoMed's systems. The leak post does not specify whether data was exfiltrated, encrypted, or what specific data categories are at risk.
What the group claims
***.net ErgoMed Work Systems is a US-based occupational health and employment testing company that has been providing loss control programs since 1992.They specialize in physical demand simulation testing, musculoskeletal evaluations, and post-offer employment screening to help businesses and HR managers reduce workplace injuries
Sources
- Victim siteergomed.net
Source
Indexed 2 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

