Ransomware victim disclosure
← All victimsWatson Clinic LLP
listed as Watsonclinic.com · Claimed by Donutleaks · listed 2 years ago
Status timeline
- ListedMar 9, 2024
- Data leakeddate unknown
At a glance
- Group
- Donutleaks
- Status
- Data leaked
- Country
- United States
- Sector
- Healthcare
- Listed on leak site
- Mar 9, 2024
About the victim
AI dossier — public-source company profileWatson Clinic LLP is a family health and medical center based in Lakeland, Florida, operating as a multi-specialty healthcare provider with numerous locations across central Florida. The clinic offers a wide range of medical services including cardiology, oncology, surgery, orthopedics, pediatrics, and urgent care, along with specialized centers for cancer research and rehabilitation.
- Industry
- Healthcare - Multi-specialty Medical Center
- Address
- Lakeland, Florida, United States
Attack summary
Severity: critical — Confirmed exfiltration of healthcare data (medical records and PII) from a multi-specialty medical center serving thousands of patients. Healthcare data is regulated under HIPAA and other privacy laws; large-scale patient medical records constitute highly sensitive regulated information.Donutleaks claims to have conducted penetration testing on Watson Clinic's Active Directory network, identifying vulnerabilities (approximately 90% reportedly exploited). The group claims exfiltration of medical data and has begun publishing the dataset after the victim remained unresponsive for approximately one month.
Data the group says was taken
AI dossier — extracted from the leak post- Medical records
- Patient personal information
- Active Directory credentials/configurations
- Network infrastructure data
What the group claims
We starting publishing data related medical company from U.S. they was silent almost a month. Soon here will be posted first pack of data. They was pen-tested by some another us-based company and they found a lot of vulnerability in Watsonclinic active directory network - and 90% of them…
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

