Ransomware victim disclosure
← All victimsScioto Paint Valley Mental Health
listed as spvmhc.org · Claimed by Abyss · listed 2 years ago
Status timeline
- ListedAug 21, 2024
- Data leakeddate unknown
At a glance
- Group
- Abyss
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Aug 21, 2024
- Data size
- 29 GB
- Ransom demanded
- $50
About the victim
AI dossier — public-source company profileScioto Paint Valley Mental Health is a regional mental health and substance use treatment provider operating multiple outpatient clinics and residential facilities across five Ohio counties (Ross, Fayette, Highland, Pike, Pickaway). The organization offers 24/7 crisis services, residential treatment programs, psychiatric care, and specialized counseling services.
- Industry
- Mental Health & Substance Use Disorder Treatment
- Address
- 4449 OH-159, Chillicothe, Ohio, 45601
- Employees
- 51-200
Attack summary
Severity: critical — Mental health and substance use disorder treatment records constitute highly sensitive regulated health information (PHI) protected under HIPAA. Exfiltration of patient records from a treatment facility treating vulnerable populations (mental health, substance use disorder patients) represents significant harm risk including discrimination, identity theft, and reputational damage to patients.The Abyss ransomware group claims to have exfiltrated 29 GB of uncompressed data from the organization. The post does not specify whether encryption occurred or detail the specific data categories affected.
Data the group says was taken
AI dossier — extracted from the leak post- Patient mental health records
- Substance use disorder treatment histories
- Clinical assessments and diagnoses
- Staff personnel files
- Administrative and billing records
- Pharmacy records
What the group claims
Scioto Paint Valley Mental Health Center offer a variety of Residential and Outpatient counseling treatment centers in these counties: Ross, Fayette, Highland, Pike, and Pickaway.
The leak post
captured from the group's site```
let data = [
{
'title' : 'thinlinetech.com',
'short' : 'thinlinetech.com 29Gb uncompressed data',
'full' : 'Thinline Technologies <br>' +
'Thinline Technologies offers reliable IT consulting and expert computer and network support services to businesses in the Baltimore metro area.<br> They specialize in network administration, technology planning, and help desk services, focusing on increasing productivity and profitability for small to mid-size businesses.<br>'+
'password: 6oGfyIRISQmmI3Ge2kEeyu7hbzONONEFpkcnhC1S4Ygk4iSpw4RRxDXY1uk9xeyUXOmg7UOuZvGekRc9cs8E61LWKdI08uv0kUyC4V6YxaETtrhniAtKD9t7FQ2qTFYi<br>'+
'Link â„–1 Filelist',
'links' : [
"http://zngbsq66uwem4qzyxpqb5rjo2xebnbwdku27nhmquryx6ljnbbedhiad.onion/thinline.lst.zip",
"http://zngbsq66uwem4qzyxpqb5rjo2xebnbwdku27nhmquryx6ljnbbedhiad.onion/thinline.rar"
]
},
{
'title' : 'crownlaboratories.com',
'short' : 'crownlaboratories.com 8Tb uncompressed data',
'full' : 'Crown Laboratories <br>' +
'Crown Laboratories, founded in 2000 and based in Johnson City, TN, provides pharmaceutica…Screenshot of the leak post

Sources
- Victim sitespvmhc.org
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

