Healthcare Retroactive Audits
Healthcare Retroactive Audits
Group: Dragonforce
Discovered by ransomware.live: 2025-11-26
Estimated attack date: 2025-11-26
Description:
22 171 128 medical record files, neatly packaged into 11 archives by hospital. The firm Healthcare Retroactive Audits, which was auditing the data for insurers, not only let the leak happen but also took no steps to stop the files from being published. When we approached NIH Information Security Program to discuss the issue, they said they weren’t interested in resolving it. We’re now open to talks with the affected organizations, insurers and the hospitals whose data were lost. These files are only a portion of the total breach, and we’re deciding whether to keep the release at this size or expand it.
DNS Records:
The following DNS records were found for the victim's domain.
- abuse godaddy.com
- smtp.healthcareaudits.net.
- healthcareaudits-net.mail.protection.outlook.com.
- v=spf1 include:_spf.healthcareaudits_net._d.easydmarc.pro -all
- MS=ms43379038
- v=verifydomain MS=7463936
Leak Screenshot:
Legal Disclaimer: Ransomware.live does not engage in the acquisition, exfiltration, downloading, possession, hosting, access, consultation, redistribution, or disclosure of unlawfully obtained data. This platform indexes only publicly visible information posted by ransomware operators and open web sources without accessing or obtaining the underlying stolen content. The service is provided to support public awareness, legitimate research, and cyber-resilience. No stolen personal or confidential data is collected or distributed via this site.