Ransomware victim disclosure
← All victimsBaltimore Medical System
listed as bmsi.org · Claimed by Braincipher · listed 10 months ago
Status timeline
- ListedSep 16, 2025
- Data leakeddate unknown
At a glance
- Group
- Braincipher
- Status
- Data leaked
- Country
- United States
- Listed on leak site
- Sep 16, 2025
About the victim
AI dossier — public-source company profileBaltimore Medical System (BMS) is a Federally Qualified Health Center (FQHC) providing community-based primary and preventive healthcare services in Baltimore, Maryland. BMS operates multiple clinic locations and pharmacies, serving underserved populations including low-income patients, refugees, and non-English speakers. The organization offers a sliding-fee scale and free medication delivery, and has been operating for at least 40 years.
- Industry
- Community Health Centers & Primary Care
- Address
- Baltimore, Maryland, United States
Attack summary
Severity: critical — The victim is a community healthcare provider handling large volumes of protected health information (PHI) and PII. The group claims exfiltration of over 1 TB of data and has published multiple download links, indicating data has already been publicly released. A breach of this scale at a medical organization constitutes a critical disclosure under HIPAA and represents severe risk to patients.The Braincipher ransomware group claims to have exfiltrated more than 1 TB of data from Baltimore Medical System, with the stolen data published and available for download via multiple Tor (.onion) links.
Data the group says was taken
AI dossier — extracted from the leak post- Patient medical records
- Personal health information (PHI)
- Patient demographic data
- Pharmacy records
- Insurance and billing information
- Staff/employee records
- Organizational financial data
Original description
AI-summarised, not from the leak postN/A
The leak post
captured from the group's siteWe have more 1TB of data. If you think you are here by mistake, please contact us at [email protected] ⏳ 11d 22h 39m 6s remaining Download: 3fg2gfwrdks46drwvejpgpak5klrflclsjjo35dxtqfk3poeez6oezad.onion If you think you are here by mistake, please contact us at [email protected] Download: emdnfl2fv32jhssxcbxlo6dzg2at4d7qbw2md6inz63qzdfgyln5cwyd.onion If you think you are here by mistake, please contact us at [email protected] Download: a4vbe7yp4kluped6khuhpr5nmzshiimx2jt5j22ozriiq6ngsm3fcpyd.onion If you think you are here by mistake, please contact us at [email protected] Download: x3nb7qcygpem2j5xzstyzdtgzofzkwkx4eko3ug4r73i6uhcgvyffjyd.onion If you think you are here by mistake, please contact us at [email protected] Download: 3frnhzcnlkjnw5q3tm6elzizinm2k3bmrtf2xwqjzpcxzeqwn2tv6wyd.onion If you think you are here by mistake, please contact us at [email protected] Download: 6ft2dfh26wm3w44orpjcgviutvfp25ez2iyh5ego5egvfmifrws7vvqd.onion If you think you are here by mistake, please contact us at [email protected] Download: zijgmuqjzb6dc7pofxhtaiz36qqyg35lhutybmzaz6whzgei2casjgid.onion If you think…
Sources
Source
Indexed 10 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

