Ransomware victim disclosure
← All victimsMiSalud Health
listed as misaludhealth.com · Claimed by Babuk · listed 1 year ago
Status timeline
- ListedMar 10, 2025
- Data leakeddate unknown
At a glance
- Group
- Babuk
- Status
- Data leaked
- Country
- United States
- Sector
- Technology
- Listed on leak site
- Mar 10, 2025
About the victim
AI dossier — public-source company profileMiSalud Health is a bilingual telehealth and virtual healthcare provider offering same-day virtual doctor visits in English and Spanish. They serve diverse workforces through a hybrid model combining on-site health screenings with ongoing virtual care, targeting employers, health systems, and benefits brokers with chronic care management and mental health services.
- Industry
- Telehealth & Virtual Healthcare Services
Attack summary
Severity: high — Healthcare provider with access to protected health information (PHI) and personal data of employees/members across multiple employers. Telehealth platforms typically hold sensitive medical and financial records. Confirmed data publication by ransomware operator indicates exfiltration occurred, though specific proof volume and data scope are not detailed in the visible post.Babuk Locker 2.0 claims to have breached MiSalud Health. The leak post provides minimal detail on what data was accessed or whether it was exfiltrated; only a listing announcement is visible.
Data the group says was taken
AI dossier — extracted from the leak post- Patient/member health records
- Personal identifying information
- Virtual care consultation records
What the group claims
misaludhealth.com By Babuk Locker 2.0
Sources
- Victim sitemisaludhealth.com
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

