Ransomware victim disclosure
← All victimsWestern Orthopaedics, P.C.
listed as Western Orthopaedics · Claimed by Pear · listed 9 months ago
Status timeline
- ListedOct 4, 2025
- Data leakeddate unknown
At a glance
- Group
- Pear
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Oct 4, 2025
About the victim
AI dossier — public-source company profileWestern Orthopaedics, P.C. is a board-certified orthopaedic surgery practice headquartered in Englewood, Colorado, with a history dating to 1938. The practice serves patients across the Denver metro area and Colorado's front range, offering services including sports medicine, joint replacement, spine care, shoulder and elbow surgery, and fracture care. It operates on multiple campuses including HCA HealthONE Rose, HCA HealthONE Swedish, and a Littleton location.
- Industry
- Orthopaedic Surgery & Musculoskeletal Medicine
- Address
- 500 E. Hampden Ave., Suite 400, Englewood, CO 80113
- Founded
- 1938
Attack summary
Severity: critical — The victim is a healthcare provider; data published status confirms exfiltration of what is almost certainly protected health information (PHI) and patient PII, which constitutes regulated medical data at scale under HIPAA.The ransomware group 'pear' claims an attack on Western Orthopaedics, P.C., with the disclosed status indicating data has been published. The post references the practice's orthopaedic surgery, musculoskeletal conditions, sports injuries, and spinal conditions operations, suggesting exfiltration of patient-related healthcare data.
Data the group says was taken
AI dossier — extracted from the leak post- Patient medical records
- Orthopaedic surgery records
- Musculoskeletal condition records
- Sports injury records
- Spinal condition records
- Appointment and scheduling data
- Insurance information
What the group claims
The orthopaedic surgery, musculoskeletal conditions, sports injuries and spinal conditions
Sources
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

