Ransomware victim disclosure
← All victimsLoretto Hospital
listed as The Loretto Hospital · Claimed by Ransomhouse · listed 1 year ago
Status timeline
- ListedMar 10, 2025
- Data leakeddate unknown
At a glance
- Group
- Ransomhouse
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Mar 10, 2025
- Data size
- 743 GB
- Ransom demanded
- $740
About the victim
AI dossier — public-source company profileLoretto Hospital is a not-for-profit acute care community hospital located in Chicago's Austin neighborhood, serving over 33,000 patients annually. Founded in 1923, it provides comprehensive healthcare services including emergency medicine, behavioral health, cardiac care, cancer screening, and surgical services. The hospital operates as a patient-centered provider serving the Austin and surrounding communities.
- Industry
- Healthcare - Acute Care Community Hospital
- Address
- 645 South Central Avenue, Chicago, IL 60644
- Founded
- 1923
Attack summary
Severity: critical — Confirmed exfiltration of 743 GB of data from a healthcare facility constitutes exposure of regulated protected health information (PHI) and personally identifiable information (PII) at significant scale. Healthcare data breaches affecting thousands of patients are critical-tier incidents under HIPAA and relevant regulations.Ransomhouse claims to have encrypted Loretto Hospital's systems and exfiltrated 743 GB of data. The group has published the victim on its leak site, indicating intent to disclose sensitive healthcare data.
Data the group says was taken
AI dossier — extracted from the leak post- Patient medical records
- Personal health information (PHI)
- Patient financial/insurance data
- Hospital operational data
- Staff employment records
What the group claims
The Loretto Hospital is a not-for-profit, community-focused health care provider. They provide healthcare services including: primary care, geriatric medicine, vision care, behavioral health services, pediatrics, womens health, pediatric medicine, family planning and dental services. The hospital was founded in 1939 and is headquartered in Chicago, Illinois.
The leak post
captured from the group's site```
{"data":[{"id":"a1894b76b7004c75a3a0845799af49956592e3d9","display":"animated","header":"HOT NEWS","info":" Trellix is a global cybersecurity company.","url":"","sort":1,"views":"436242"},{"id":"336b257f582b17573c97578efd4b22762bf77344","sort":2,"header":"Trellix (McAfee & FireEye)","url":"https://www.trellix.com/","private":"false","revenue":"1.5-2 B$","employees":"5000","info":"Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000 business and government customers worldwide, protecting more than 200 million endpoints. The companys open and native extended detection and response (XDR) platform helps organizations confronted by todays most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security","statusDate":"DEPENDS ON YOU","status":"EVIDENCE","published":"NOT YET","action":"Encrypted","actionDate":"17/04/2026","volume":"~","content":"cybersecurity.html"…Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

