Ransomware victim disclosure
← All victimsSouthwest Healthcare Services
Claimed by Donutleaks · listed 3 years ago
Status timeline
- ListedJul 17, 2023
- Data leakeddate unknown
At a glance
- Group
- Donutleaks
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Jul 17, 2023
About the victim
AI dossier — public-source company profileSouthwest Healthcare Services is a non-profit organization providing quality healthcare to communities in southwest North Dakota and northwest South Dakota. The organization operates under the domain swhealthcare.net and serves a rural regional population. Its non-profit status indicates a mission-driven healthcare delivery model.
- Industry
- Non-Profit Regional Healthcare Services
- Address
- Southwest North Dakota and Northwest South Dakota, United States
Attack summary
Severity: critical — The group claims full data publication ('Full Data Download') from a non-profit regional healthcare provider, which almost certainly contains regulated patient health information (PHI/PII) subject to HIPAA, constituting a critical-severity confirmed exfiltration of sensitive medical data.Donutleaks claims to have exfiltrated data from Southwest Healthcare Services and has published a full data download, indicating confirmed exfiltration and public disclosure of the stolen data.
Data the group says was taken
AI dossier — extracted from the leak post- Full organizational data (exfiltrated and published)
What the group claims
Southwest Healthcare Services is a non-profit organization dedicated to providing quality healthcare in southwest North Dakota and northwest South Dakota. https://swhealthcare.net/ Full Data Download…
Sources
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

