Ransomware victim disclosure
← All victimsMDClone
listed as mdclone.com · Claimed by Darkpower · listed 3 years ago
Status timeline
- ListedMar 11, 2023
- Data leakeddate unknown
At a glance
- Group
- Darkpower
- Status
- Data leaked
- Country
- Israel
- Sector
- Healthcare
- Listed on leak site
- Mar 11, 2023
About the victim
AI dossier — public-source company profileMDClone is an Israeli healthcare technology company that provides the ADAMS platform, a self-service healthcare data exploration and analytics environment used by health systems, life sciences organizations, and research institutions. The platform enables clinicians and researchers to explore real-world patient data and generate synthetic data for collaboration and innovation. Clients include major institutions such as Intermountain Health, Sheba Medical Center, and Washington University.
- Industry
- Healthcare Data Analytics & Synthetic Data
- Employees
- 51-200
Attack summary
Severity: critical — MDClone handles sensitive healthcare data including real-world patient EHR data and health analytics for major hospital systems; a confirmed data publication event by the threat actor involving a healthcare data platform constitutes a critical-severity incident given the likely presence of regulated medical and patient data at scale.The Darkpower ransomware group claims to have attacked MDClone and has disclosed the status as data_published, indicating exfiltration and/or publication of data. No specific details about the volume or nature of the published data are available from the captured leak post.
Data the group says was taken
AI dossier — extracted from the leak post- Healthcare analytics platform data
- Patient health records (potential)
- Synthetic health datasets
- Electronic health record (EHR) data
- Research data
- Customer/client information
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

