Back to Blog
high severity July 12, 2026 · scope unconfirmed

Casper Orthopedics Listed by anubis Ransomware Group

⚠ Were you caught in this breach?
Check your email against 15.4B+ leaked records in 15 seconds — free, no signup.
Scan my email — free → Instant · no account

Orthopedic clinic patients' data and medical records exposed.

Severity High
Disclosed July 12, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On July 12, 2026, Casper Orthopedics appeared on the leak site operated by the Anubis ransomware group, confirming that the Wyoming orthopedic clinic suffered a ransomware attack in which internal files were exfiltrated. The listing indicates that patient data and medical records were taken, although the exact number of individuals affected remains unknown.

Details from the Leak-Site Listing

The Anubis leak page states that Casper Orthopedics was hit by ransomware and that attackers successfully exfiltrated internal files before encryption. The disclosure does not quantify the volume of records or list specific data fields, but it explicitly references patient data and medical records. No ransom amount or payment deadline is shown in the public listing. The incident follows the group’s standard pattern of posting proof-of-exfiltration samples after the victim declined or ignored initial extortion demands.

Why This Matters for You and Your Family

If you or any member of your family has ever received treatment at Casper Orthopedics, your protected health information may now sit on a dark-web server controlled by extortionists. Medical records contain names, dates of birth, Social Security numbers, insurance details, treatment histories, and sometimes physical addresses or phone numbers. Exposure of this information creates immediate financial and fraud risks because health data sells for significantly more than simple email-and-password combinations on underground markets. Even when the leak-site listing does not detail every record type, the confirmed presence of medical files means you must treat this breach as though your most sensitive personal health data is at risk.

The Doxxing and Identity-Chain Implications

Medical breaches rarely stop at stolen records. Attackers routinely cross-reference patient names and dates of birth with other leaked datasets to build complete identity profiles. A single orthopedic visit can link your real name to home address, employer, and family members. Once those connections exist, credential leaks from unrelated services can be used to hijack email, banking, or social-media accounts. Gaming accounts belonging to you or your children are especially vulnerable because kids often reuse passwords or email addresses tied to family medical paperwork. These chains accelerate doxxing: an attacker who starts with a medical record can quickly locate social profiles, phone numbers, and even children’s usernames across Fortnite, Roblox, or Discord. DoxxScan by GalaxyWarden continuously monitors 15.4 billion breach records across more than 100 platforms and uses AI-powered identity-chain mapping to reveal exactly which handles connect back to your household.

Anubis Ransomware Group Track Record

Public reporting attributes the emergence of Anubis to late 2024. The group has targeted healthcare providers, small-to-medium businesses, and municipal organizations across the United States and Europe. Notable prior victims include regional hospitals and specialty clinics whose patient data appeared on the same leak site. Anubis typically gains initial access through phishing or exploited remote-desktop services, exfiltrates documents before deploying ransomware, then posts samples and demands payment within a short window. Their playbook emphasizes speed: data appears online within days of initial contact if the victim does not pay. The Casper Orthopedics listing fits this pattern exactly.

What to do

  • Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, then use the no-subscription cleanup of Warden to remove what you can.
  • Enable continuous DoxxScan monitoring so the next breach exposing your family’s data is caught and acted on within hours rather than months.
  • Rotate any password you have ever used at Casper Orthopedics or associated patient portals anywhere it is reused, and switch to 2FA through an authenticator app instead of SMS.
  • Cover the entire household because DoxxScan family coverage extends to dependents and children’s gaming accounts that often chain back to the same address or parent email.
  • Let remediation specialists handle ongoing takedown requests across data brokers and leak sites so you do not have to chase every new appearance yourself.

The Casper Orthopedics breach is another reminder that healthcare providers remain high-value targets and that one clinic’s security failure can expose entire families for years. Acting quickly on the credentials and links already circulating can limit the damage before criminals stitch your medical history into larger identity-theft campaigns. Start your DoxxScan trial today to gain both visibility into existing exposures and hands-on help cleaning them up.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.