Ransomware victim disclosure
← All victimsGreater Pittsburgh Orthopaedic Associates
Claimed by Ransomhouse · listed 11 months ago
Status timeline
- ListedAug 20, 2025
- Data leakeddate unknown
At a glance
- Group
- Ransomhouse
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Aug 20, 2025
- Data size
- 743 GB
- Ransom demanded
- $740
About the victim
AI dossier — public-source company profileGreater Pittsburgh Orthopaedic Associates (GPOA) is Pittsburgh's oldest continuously operating orthopaedic surgery practice, operating seven offices across the Greater Pittsburgh metropolitan area in Pennsylvania. The practice is staffed by board-certified orthopaedic surgeons offering specialties including joint replacement, spine surgery, sports medicine, hand and upper extremity care, and physical therapy. GPOA serves patients across a wide range of age groups and also operates a physical therapy division.
- Industry
- Orthopaedic Surgery & Musculoskeletal Healthcare
- Address
- Multiple offices in Greater Pittsburgh Region, Pennsylvania, USA (Brackenridge, Cranberry Township, Moon Township, Sewickley, Shadyside, South Side)
Attack summary
Severity: critical — 743 GB of data exfiltrated from a multi-site orthopaedic medical practice constitutes a large-scale breach of regulated healthcare data (PHI/PII) covered under HIPAA; data has been published, confirming exfiltration and disclosure of sensitive patient medical and financial records.Ransomhouse claims to have encrypted systems and exfiltrated approximately 743 GB of data from Greater Pittsburgh Orthopaedic Associates; the disclosure status is listed as 'data_published', indicating the stolen data has been or is being released.
Data the group says was taken
AI dossier — extracted from the leak post- Patient health records (likely including PHI)
- Insurance and billing data
- Patient forms and personal information
- HIPAA-governed medical records
- Financial and payment data
- Work and disability records
- Staff and provider information
What the group claims
Pittsburgh Orthopaedic Associates (GPOA), Pittsburgh’s oldest continuously-operating orthopaedic surgical associates. Our goal is to provide compassionate orthopaedic care to patients of all ages for an extensive variety of conditions.
The leak post
captured from the group's site```
{"data":[{"id":"a1894b76b7004c75a3a0845799af49956592e3d9","display":"animated","header":"HOT NEWS","info":" Trellix is a global cybersecurity company.","url":"","sort":1,"views":"436242"},{"id":"336b257f582b17573c97578efd4b22762bf77344","sort":2,"header":"Trellix (McAfee & FireEye)","url":"https://www.trellix.com/","private":"false","revenue":"1.5-2 B$","employees":"5000","info":"Trellix is a global cybersecurity company formed from the October 2021 merger of McAfee Enterprise and FireEye. It provides services to over 50,000 business and government customers worldwide, protecting more than 200 million endpoints. The companys open and native extended detection and response (XDR) platform helps organizations confronted by todays most advanced threats gain confidence in the protection and resilience of their operations. Trellix, along with an extensive partner ecosystem, accelerates technology innovation through machine learning and automation to empower over 40,000 business and government customers with living security","statusDate":"DEPENDS ON YOU","status":"EVIDENCE","published":"NOT YET","action":"Encrypted","actionDate":"17/04/2026","volume":"~","content":"cybersecurity.html"…Sources
Source
Indexed 11 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

