Gastroenterology & Hepatology Listed by LeakBazaar Ransomware Group
Full database for sale — 167,303 patients, 124,761 SSN, 49,798 with sensitive diagnoses: - 167,303 patients — 124,761 with SSN, 166,402 (99%) with address, 164,296 (98%) with phone, 85,318 (51%) with email - 1,093,863 diagnoses (ICD-10), 1,547,142 medications, 186,246 pathology specimens with narrative reports - Sensitive (dx + meds): 49,798 patients — 44,861 with SSN. Mental health: 43,902 | Substance/Alcohol: 5,111 | STIs: 2,779 | Cancer: 2,708 | Hepatitis C: 1,906 - Includes notable individuals (politicians, business people, public figures)
On April 17, 2026, the ransomware group LeakBazaar listed a full database from a gastroenterology and hepatology practice containing records for 167,303 patients, including 124,761 Social Security numbers and sensitive medical diagnoses for nearly 50,000 people.
Confirmed Facts from Reporting
Public reporting indicates the attacker exfiltrated internal files during a ransomware incident and has now placed the entire dataset for sale on its leak site. The exposed information covers 167,303 patients, of whom 124,761 have SSNs, 166,402 (99%) have addresses, 164,296 (98%) have phone numbers, and 85,318 (51%) have email addresses.
The database also includes 1,093,863 diagnoses coded in ICD-10, 1,547,142 medication records, and 186,246 pathology specimens accompanied by narrative reports. Among these, 49,798 patients—44,861 of them with SSNs—carry diagnoses or medications flagged as sensitive. The breakdown of sensitive cases includes mental health conditions for 43,902 patients, substance or alcohol issues for 5,111, STIs for 2,779, cancer for 2,708, and hepatitis C for 1,906. Available reporting notes that the records contain information on notable individuals including politicians, business leaders, and other public figures.
Why This Matters for You and Your Family
When a medical provider loses control of this volume of personal and health data, the risk extends far beyond the clinic. Your name, address, phone number, email, SSN, and exact medical history can be purchased in one transaction. That combination allows identity thieves to open accounts, file fraudulent tax returns, or impersonate you with insurers. For families, the exposure can affect every member listed in a shared household record.
Medical details add another layer of harm. Employers, landlords, or even acquaintances who obtain the data could learn about mental health treatment, substance use disorders, cancer diagnoses, or infectious diseases. This information cannot be changed like a password. Once it circulates, you and your family live with the permanent possibility that someone will use it against you.
The Doxxing and Identity-Chain Implications
Credential leaks of this scale rarely stop at the initial breach. Attackers and downstream buyers routinely link the exposed emails, phones, and addresses to usernames on social media, gaming platforms, and shopping sites. A single match can reveal your children’s gaming accounts, family photos, or home address within hours. Public reporting describes these chains as “doxxing pipelines” that turn one records leak into long-term harassment or targeted scams.
Because the dataset includes both adult and dependent records, children’s information is also at risk. Gaming handles tied to a parent’s email or phone can be located quickly, exposing younger family members to account takeovers or real-world contact. The same identity chain that links your medical file to your social profiles can link your child’s gaming activity back to your physical doorstep.
LeakBazaar’s Publicly Known Track Record
Public reporting attributes LeakBazaar with emerging in late 2024 as a ransomware operation that emphasizes rapid data publication when victims refuse payment. The group has listed healthcare providers, municipal governments, and private corporations in prior incidents. Its typical playbook involves initial access through phishing or exploited remote desktop services, followed by exfiltration of sensitive databases, then dual extortion: demanding ransom to prevent publication and offering the data for sale on its dedicated leak site if the deadline passes. Exact prior victim counts remain under active investigation, but available reporting consistently places LeakBazaar among mid-tier ransomware actors focused on volume and speed rather than prolonged negotiation.
What to do
- Run a DoxxScan to map every link between your emails, phones, addresses, and online handles so you can see exactly what chains exist right now.
- Rotate the password used at the gastroenterology practice anywhere it is reused, and switch on 2FA through an authenticator app rather than text messages.
- Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next leak that touches your family is caught in hours, not months.
- Cover the household with DoxxScan family protection that extends to dependents and children’s gaming accounts that often chain back to the same contact details.
- Let DoxxScan remediation specialists handle takedown requests across data brokers and exposed records while you focus on securing your own accounts.
The most effective defense is early visibility and rapid action before criminals complete the identity chain. Start your DoxxScan trial today and let its continuous monitoring, AI-powered identity-chain mapping, and hands-on remediation specialists work for you and your family—including protection for children’s gaming accounts that credential leaks like this one so easily expose. Source: LeakBazaar leak site (via ransomware.live)
Related breaches
Aesthetic Surgical Images Listed by incransom Ransomware Group
Aesthetic Surgical Images, a plastic surgery practice based in Omaha, NE, has been serving patients …
Baraga County Memorial Hospital Listed by Wallstreet Ransomware Group
Baraga County Memorial Hospital is a critical access hospital serving Baraga County with emergency, …
East Texas Family Medicine Listed by genesis Ransomware Group
A healthcare organization…
A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.
⚠ Were you in this breach?
Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.
Check my email — free →