The threat actor Sarcoma is demanding a ransom of $200,000 from Sanderling, a US-based healthcare provider specializing in dialysis services, threatening to release a dataset containing decades of sensitive patient information, including PHI, full names, and identification documents. The stolen archive includes comprehensive health records, personal data, and company files, with the potential to be sold or publicly disclosed, impacting the USA.
Incident Details
- Victim: Sanderling
- Country: US
- Actor: sarcoma
- Source:
- Discovered: 2025-07-03 12:22:04.598263
- Published: 2025-07-03 12:22:00.853037
Information
- Sanderling Renal Services is a leading healthcare provider specializing in dialysis and nephrology services for rural communities and home dialysis patients across the USA.
- The company utilizes advanced telemedicine technology and has over 25 years of experience in delivering specialized kidney care to underserved areas through a national network of licensed physicians.
- The dataset contains hundreds of thousands of personal records, including full PHI, phones, emails, addresses, SSNs, and more, accumulated over 25 years.
- Exclusive data available for purchase includes comprehensive Oracle database backups, Exchange PST files, and company documents such as passports and driverโs licenses.
- The leak involves approximately GB-sized data from the USA, containing sensitive and extensive personal information.
- The ransomware attack was carried out by the actor Sarcoma, demanding $200,000 in ransom.
Disclaimer: This post is based on public claims made by the ransomware group "sarcoma". I cannot confirm the accuracy of the information. However, I would be happy to share any official statement from the affected organization to provide clarification.