Ransomware Group: INCRANSOM

VICTIM NAME: GARDNER ORTHOPEDICS

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak involves Gardner Orthopedics, a healthcare provider based in Fort Myers, Florida, specializing in orthopedic medical services such as surgery, regenerative medicine, and rehabilitation for musculoskeletal conditions. The attack was discovered on May 15, 2025, approximately 48 minutes after its initial detection. The breach appears to target a healthcare organization that serves adult patients and focuses on maintaining patients’ mobility and activity levels. The leak indicates a compromise on the organization’s data, potentially including sensitive patient or operational information, although specific details are not disclosed publicly. The ransomware group has published a screenshot of what appears to be internal documents or sources related to the victim’s operations, emphasizing the severity of the breach and possibly threatening further data exposure or misuse.

The leak page does not provide explicit details of the compromised data but suggests that confidential information from the healthcare organization has been accessed. The compromised data could include patient records, medical details, or internal communication, although no explicit PII is publicly disclosed. The leak and attack highlight the vulnerability of healthcare providers to cyber threats, especially those handling sensitive health information. Customers and stakeholders are advised to remain vigilant. No specific URLs or download links are provided within public disclosures, but the presence of a screenshot indicates the attacker has access to visual documentation of internal sources. The attack underscores the importance of robust cybersecurity measures within healthcare environments to protect patient privacy and organizational integrity.