Ransomware victim disclosure
← All victimsMedicalfile
listed as Medical File · Claimed by Killsecurity · listed 1 year ago
Status timeline
- ListedFeb 20, 2025
- Data leakeddate unknown
At a glance
- Group
- Killsecurity
- Status
- Data leaked
- Country
- Mexico
- Sector
- Healthcare
- Listed on leak site
- Feb 20, 2025
About the victim
AI dossier — public-source company profileMedicalfile is a Mexican healthcare software company providing cloud-based electronic medical record (expediente clínico electrónico) solutions. The platform enables physicians and clinics to manage patient records, medical imaging, prescriptions, and inventory via web and mobile applications, with voice-to-text documentation features.
- Industry
- Healthcare IT / Electronic Medical Records (EMR)
- Founded
- 2015
Attack summary
Severity: high — Confirmed exfiltration of healthcare data containing patient medical records, clinical documentation, and imaging files — all regulated PII under healthcare privacy regimes (equivalent to HIPAA-protected data in Mexico). EMR systems inherently contain sensitive health information at scale.Killsecurity claims to have compromised Medicalfile and published exfiltrated data. The group's post references the company's core product ('El expediente clínico más innovador del mercado') but does not specify what data was stolen or the attack method.
Data the group says was taken
AI dossier — extracted from the leak post- patient medical records
- clinical documentation
- medical imaging files
- prescription data
- physician/clinic account credentials
- patient contact information
What the group claims
El expediente clínico más innovador del mercado
Sources
- Victim sitemedicalfile.io
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

