Hackers trying to extort two U.S. hospital chains have posted detailed patient information (including medical diagnosis) from them on the dark web.

The patient records, numbering in the tens of thousands and were posted on a dark web blog used by hackers to name and extort their victims. The records include personal identifying information of patients, like their names, addresses and birthdays, and their medical diagnoses. The records come from the Leon Medical Centers, with locations in Miami, and the Nocona General Hospital, with locations in Texas.

The stolen files also include at tens of thousands of scanned diagnostic results and letters to insurers and background checks on hospital employees.

A hacking group that is known for ransomware is responsible for the leak. They encrypt victim files and demand ransom, they publish the information when victims refuse to pay, the ransom.

Ransomware hackers have been targeting American businesses in recent times including hospitals, schools and government computers. Hackers then demand payment, usually in bitcoin, to unlock the files.

A survey from cybersecurity firm Emsisoft, shows that more than 560 hospitals and health care providers were hit with varying ransomware attacks in 2020. In October 2020, warnings were issued by federal agencies saying that there was “an increased and cybercrime imminent threat” targeted at hospitals.

Various ransomware gangs have declared that hospitals are off limits, but others have attacked them. The fallout of doctors losing access to their hospital computers are very severs and this can cause delays in medical procedures which can be fatal.

medical records from leon Hospital

While ransomware gangs post their victims personal information online, many do not post medical records online. Brett Callow, a ransomware analyst at Emsisoft said: “When financial stuff leaks, people can at least fix their credit, … Not so with health stuff. Once it’s out there, it’s out there.”

Records stolen from Leon medical Center includes “name, contact information, Social Security number, financial information, date of birth, family information, medical record number, Medicaid number, prescription information, medical and/or clinical information including diagnosis and treatment history, and health insurance information,”.

A website called, that tracks exposures of medical data, says that Leon has notified the U.S. Department of Health and Human Services of the data breach, and estimates that 500 patients records were compromised.

Yolanda Foster, a spokesperson for Leon, said:

We are working diligently with third-party forensic experts to complete an investigation into the matter. As soon as possible, we will provide direct notifications to any affected individuals.

Image of Medical record leaked from Nocona General Hospital