Ransomware victim disclosure
← All victimsClínica La Sabana
Claimed by Payload · listed 7 days ago
Status timeline
- ListedJun 26, 2026
- Data leakeddate unknown
At a glance
- Group
- Payload
- Status
- Data leaked
- Country
- Costa Rica
- Sector
- Healthcare
- Listed on leak site
- Jun 26, 2026
About the victim
AI dossier — public-source company profileClínica La Sabana is a medical clinic located in Bogotá, Colombia, specializing in outpatient care, specialist consultations, surgical procedures, and physical therapy. Core specialties include orthopedics, traumatology, otolaryngology, diagnostic radiology, and plastic surgery.
- Industry
- Healthcare & Medical Services
- Address
- Bogotá, Colombia
Attack summary
Severity: high — Healthcare provider with confirmed data exfiltration containing patient medical records and PII; regulated sensitive data exposure at a medical institution serving an unspecified patient population.The Payload group claims to have compromised Clínica La Sabana and published exfiltrated data. No specific details on encryption status, data types, or operational impact are provided in the leak post.
Data the group says was taken
AI dossier — extracted from the leak post- Patient medical records
- Personal identifiable information
- Diagnostic imaging records
- Surgical procedure documentation
What the group claims
Clínica La Sabana (clinicalasabana.com) is a medical institution located in Bogotá, Colombia, specializing in the provision of comprehensive healthcare services. The company offers outpatient care, specialist consultations, surgical procedures, and physical therapy. Its primary areas of expertise include orthopedics, traumatology, otolaryngology, and diagnostic radiology.
Sources
Source
Indexed 7 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

