Ransomware victim disclosure
← All victimsMedPeds Associates of Sarasota
listed as Medpeds · Claimed by Beast · listed 10 months ago
Status timeline
- ListedSep 16, 2025
- Data leakeddate unknown
At a glance
- Group
- Beast
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Sep 16, 2025
- Records
- 3 Patient
- Ransom demanded
- $23.83
About the victim
AI dossier — public-source company profileMedPeds Associates of Sarasota is a primary care medical practice in Sarasota, Florida, providing internal medicine and pediatric services to adults, seniors, and children. The practice holds NCQA Level 3 Patient Centered Medical Home certification and offers preventative care, chronic disease management, same-day lab services, and telehealth. Its website noted a 'Computer Downtime and Incursion' as of September 2, 2025.
- Industry
- Primary Care Medicine (Internal Medicine & Pediatrics)
- Address
- Sarasota, Florida, United States
Attack summary
Severity: critical — The victim is a US healthcare provider subject to HIPAA; data_published status indicates confirmed exfiltration and public release of data likely containing regulated PHI/PII for patients including children, meeting the critical threshold.The Beast ransomware group claims to have attacked MedPeds, with the disclosure status listed as data_published, indicating exfiltration and/or publication of data from a US-based primary care healthcare provider. The ransom demand stated was $23.83, suggesting either a symbolic figure or a truncated/erroneous value.
Data the group says was taken
AI dossier — extracted from the leak post- Patient medical records
- Personal health information (PHI)
- Patient demographic data
- Billing and insurance records
- Internal medicine and pediatric clinical data
What the group claims
MedPeds Associates, located in Sarasota, Florida, specializes in Internal Medicine and Pediatrics with a strong emphasis on preventive care for adults, seniors, and children. The practice is recognized as a Level 3 Patient Centered Medical Home by the National Committee for Quality Assurance, showcasing its commitment to high-quality healthcare practices. They offer a full spectrum of medical services including same day lab services, chronic care management, and telehealth options. Their goal is to promote good health through proper nutrition, regular professional care, and the establishment of good habits.
The leak post
captured from the group's site[ 2fORM Architecture specializes in innovative sustainable architecture, offering design services for residential, commercial, and interior projects. Their portfolio includes a diverse range of developments, such as multi-family housing, health care facilities, and various remodels. The company aims to serve clients in the Pacific Northwest, including individual homeowners, businesses, and institutions. With a commitment to sustainability and creativity, 2fORM Architecture enhances the built environment through thoughtful design. ](http://beast6azu4f7fxjakiayhnssybibsgjnmy77a6duufqw5afjzfjhzuqd.onion/card/2form_architecture)[ ACMARK s r o is a company that operates in the Repair Services industry. It employs 10to19 people and has 1Mto5M of revenue. The company is headquartered in Brno, South Moravian, Czech Republic. ](http://beast6azu4f7fxjakiayhnssybibsgjnmy77a6duufqw5afjzfjhzuqd.onion/card/acmark)[ AJU Pharm Co., Ltd. is a prominent South Korean total healthcare company founded in 1953. For over 70 years, it has evolved from a manufacturer of raw materials into a global pharmaceutical group specializing in prescription drugs, medical devices, and health supplements P U B L I S H…
Screenshot of the leak post

Sources
Source
Indexed 10 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

