Ransomware victim disclosure
← All victimseMedicoERP
Claimed by Killsecurity · listed 10 months ago
Status timeline
- ListedSep 6, 2025
- Data leakeddate unknown
At a glance
- Group
- Killsecurity
- Status
- Data leaked
- Country
- India
- Sector
- Technology
- Listed on leak site
- Sep 6, 2025
- Data size
- 600 GB
About the victim
AI dossier — public-source company profileeMedicoERP is a cloud-based ERP software product developed by DinamicAPPS, designed for clinics, hospitals, and IPS (health service providers) in Colombia. The platform offers over 28 modules covering administrative and clinical processes including billing, inventory management, patient records, and regulatory compliance with Colombian health norms. It is accessed via a SaaS/rental licensing model.
- Industry
- Healthcare IT / Medical Practice Management Software
Attack summary
Severity: high — The victim is a healthcare ERP software vendor whose platform stores sensitive patient and clinical data for multiple hospitals and clinics across Colombia. A breach at the software/SaaS provider level could expose regulated health data (PII, medical records) from numerous downstream healthcare institutions, constituting a high-severity supply-chain style exposure. Data is marked as published, elevating from medium.KillSecurity claims to have attacked eMedicoERP and the disclosure status is listed as data_published, indicating that data has been released; however, the leak post contains no specific details about the nature of the exfiltration, data types stolen, or encryption activity.
Data the group says was taken
AI dossier — extracted from the leak post- Patient medical records (potentially)
- Clinical administrative data
- Billing and financial records
- User/staff credentials
- Healthcare provider configurations
What the group claims
N/A
The leak post
captured from the group's siteFounded in 1997, iCare Software, based in the United States, delivers innovative management solutions for childcare and afterschool programs. Serving childcare centers, preschools, afterschool programs, and multi-site operations, iCare automates critical tasks like attendance tracking, staff scheduling, tuition collection, and compliance reporting. Its unique offerings include AI-driven analytics, business intelligence dashboards, and CRM tools to boost enrollment and staff retention. With seamless data migration and robust back-end technology, iCare empowers providers to focus on quality care while streamlining operations and driving growth. Cadorim simplifies money transfers to Mauritania, offering a secure, user-friendly platform for individuals and businesses. With a focus on speed, affordability, and accessibility, Cadorim enables seamless transactions in just three clicks, available around the clock. The company ensures maximum security for every transfer, provides competitive exchange rates with no fees, and processes transactions instantly. Headquartered in Brussels, Belgium, with operations in Nouakchott, Mauritania, Cadorim serves customers seeking reliable, cost-effectiv…
Sources
- Victim siteemedicoerp.com
Source
Indexed 10 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

