Ransomware victim disclosure
← All victimsTriMed Inc.
listed as TriMed Inc. (Henry Schein) · Claimed by Lynx · listed 10 months ago
Status timeline
- ListedOct 2, 2025
- Data leakeddate unknown
At a glance
- Group
- Lynx
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Oct 2, 2025
- Ransom demanded
- $58M
About the victim
AI dossier — public-source company profileTriMed Inc. is a medical device company headquartered in Santa Clarita, California, specializing in developing surgical solutions for upper and lower extremity treatments. The company focuses on clinically relevant orthopedic implant and fixation products. In 2024, TriMed reported net sales of approximately $58 million, indicating a mid-sized presence in the orthopedic device market.
- Industry
- Surgical Implants & Orthopedic Devices
- Address
- Santa Clarita, California, United States
Attack summary
Severity: high — Data has been confirmed as published (data_published status) by the threat actor, indicating successful exfiltration from a healthcare-adjacent medical device company. Potential exposure of business-sensitive and regulated data (financial records, possible patient-adjacent clinical data) at a company with ~$58M in annual revenue warrants a high severity rating.The Lynx ransomware group claims to have attacked TriMed Inc. and published data, with the $58M figure appearing to reference the company's annual net sales rather than a ransom demand. The disclosed status indicates data has been published, suggesting exfiltration of company data.
Data the group says was taken
AI dossier — extracted from the leak post- Financial records
- Business operations data
- Potentially proprietary surgical product designs
- Employee records
- Customer/clinical partner data
What the group claims
Headquartered in Santa Clarita, California, TriMed is a leader in developing creative and clinically relevant surgical solutions that improve treatment in both the upper and lower extremities. In 2024, TriMed had net sales of approximately $58 million.
Sources
Source
Indexed 10 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

