Ransomware victim disclosure
← All victimsTriMed Inc.
listed as TriMed Inc. HSIC · Claimed by Lynx · listed 10 months ago
Status timeline
- ListedOct 2, 2025
- Data leakeddate unknown
At a glance
- Group
- Lynx
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Oct 2, 2025
- Ransom demanded
- $58M
About the victim
AI dossier — public-source company profileTriMed Inc. is a medical device company headquartered in Santa Clarita, California, specialising in the development of surgical solutions for upper and lower extremity conditions. The company is described as a leader in creating clinically relevant orthopaedic implants and instruments. In 2024, TriMed reported net sales of approximately $58 million.
- Industry
- Orthopaedic Surgical Devices & Implants
- Address
- Santa Clarita, California, United States
Attack summary
Severity: critical — The victim is a healthcare-sector medical device company and the disclosure status is 'data_published', confirming actual data exfiltration and release. Medical device companies handle regulated data including patient-linked clinical and business records; combined with confirmed publication of exfiltrated data, this meets the critical threshold.The Lynx ransomware group claims to have compromised TriMed Inc. and has published data (disclosed status: data_published), with the $58 million figure appearing in the leak post likely referencing the company's annual revenue as leverage. The post implies exfiltration of company data, though the specific data categories and volume are not detailed in the truncated post.
Data the group says was taken
AI dossier — extracted from the leak post- Company financial records
- Internal business data
What the group claims
Headquartered in Santa Clarita, California, TriMed is a leader in developing creative and clinically relevant surgical solutions that improve treatment in both the upper and lower extremities. In 2024, TriMed had net sales of approximately $58 million.
Sources
Source
Indexed 10 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

