Ransomware victim disclosure
← All victimsTIMS Medical
listed as tims.com · Claimed by Abyss · listed 2 years ago
Status timeline
- ListedSep 19, 2024
- Data leakeddate unknown
At a glance
- Group
- Abyss
- Status
- Data leaked
- Country
- Canada
- Sector
- Healthcare
- Listed on leak site
- Sep 19, 2024
- Data size
- 29 GB
- Ransom demanded
- $50
About the victim
AI dossier — public-source company profileTIMS Medical provides enterprise medical imaging solutions for endoscopy, radiology, and surgical imaging. Their flagship product, TIMS MVP, is a recording and archiving platform compatible with multiple PACS/VNA and EMR systems, deployed in over 7,000 installations worldwide.
- Industry
- Medical Imaging Software & Solutions
Attack summary
Severity: high — Confirmed exfiltration of 29 GB from a healthcare software company with widespread deployment (7,000+ installations). Medical imaging platforms handle sensitive health data and are critical infrastructure; exposure of their code, configurations, or customer records poses significant risk to downstream healthcare operations and patient privacy.The Abyss group claims to have exfiltrated 29 GB of uncompressed data from TIMS Medical. The leak post contains multiple victim entries in a single disclosure, suggesting a broader campaign; the specific data types and operational impact are not detailed in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Software source code or documentation
- Business records
- Customer/patient-related information
- Configuration files
What the group claims
TIMS Medical offers innovative medical imaging solutions for hospitals and healthcare providers.
The leak post
captured from the group's site```
let data = [
{
'title' : 'thinlinetech.com',
'short' : 'thinlinetech.com 29Gb uncompressed data',
'full' : 'Thinline Technologies <br>' +
'Thinline Technologies offers reliable IT consulting and expert computer and network support services to businesses in the Baltimore metro area.<br> They specialize in network administration, technology planning, and help desk services, focusing on increasing productivity and profitability for small to mid-size businesses.<br>'+
'password: 6oGfyIRISQmmI3Ge2kEeyu7hbzONONEFpkcnhC1S4Ygk4iSpw4RRxDXY1uk9xeyUXOmg7UOuZvGekRc9cs8E61LWKdI08uv0kUyC4V6YxaETtrhniAtKD9t7FQ2qTFYi<br>'+
'Link â„–1 Filelist',
'links' : [
"http://zngbsq66uwem4qzyxpqb5rjo2xebnbwdku27nhmquryx6ljnbbedhiad.onion/thinline.lst.zip",
"http://zngbsq66uwem4qzyxpqb5rjo2xebnbwdku27nhmquryx6ljnbbedhiad.onion/thinline.rar"
]
},
{
'title' : 'crownlaboratories.com',
'short' : 'crownlaboratories.com 8Tb uncompressed data',
'full' : 'Crown Laboratories <br>' +
'Crown Laboratories, founded in 2000 and based in Johnson City, TN, provides pharmaceutica…Screenshot of the leak post

Sources
- Victim sitetims.com
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

