Ransomware victim disclosure
← All victimsVirMedice
Claimed by Pear · listed 10 months ago
Status timeline
- ListedSep 15, 2025
- Data leakeddate unknown
At a glance
- Group
- Pear
- Status
- Data leaked
- Country
- United States
- Listed on leak site
- Sep 15, 2025
About the victim
AI dossier — public-source company profileVirMedice is a Phoenix, Arizona-based authorized NextGen Healthcare reseller specializing in NextGen Ambulatory EHR and Practice Management software. The company has operated since 2000, serving medical practices of all sizes with reselling, managed cloud hosting, and support services. It positions itself as a managed service provider for small practices, hosting client EHR/PM environments in a private cloud infrastructure.
- Industry
- Healthcare IT — Electronic Health Records & Practice Management Software Reseller
- Address
- 706 E Bell Rd. Suite 204, Phoenix, AZ 85022
- Founded
- 2000
Attack summary
Severity: critical — VirMedice hosts NextGen EHR and Practice Management systems in a managed cloud environment for multiple medical practices, meaning exfiltrated data likely includes protected health information (PHI) at scale across numerous practices — constituting regulated medical data subject to HIPAA. The data_published status confirms exfiltration has occurred and data has been released.The ransomware group 'pear' claims a disclosed data attack against VirMedice, with the status listed as data_published, indicating exfiltration and publication of data. Given VirMedice's role as a managed cloud host for NextGen EHR and PM systems across multiple medical practices, the breach potentially exposes patient health records and practice management data for numerous client practices.
Data the group says was taken
AI dossier — extracted from the leak post- Electronic Health Records (EHR) data
- Practice Management (PM) data
- Patient records
- Client practice data
- Managed cloud environment files
- Business/operational data
What the group claims
VirMedice offers the NextGen Ambulatory EHR (Electronic Health Records) and NextGen Ambulatory PM software (Practice Management) in two Models
Sources
Source
Indexed 10 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

