Ransomware Group: MEDUSA

VICTIM NAME: Insightin Health

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the MEDUSA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On September 26, 2025, the Medusa ransomware group published a leak page targeting Insightin Health, a US-based healthcare payer technology provider. The page frames Insightin Health as a company that helps healthcare payers eliminate data silos and deliver consumer-centric experiences, noting its SaaS platform as the industry-leading solution for quickly creating a connected data ecosystem. The page lists the victim as employing about 45 staff members and includes a corporate address, though exact location details are redacted for privacy. The attackers claim to have exfiltrated 378 GB of data from the victim’s network, presenting this as a data leakage event rather than a traditional encryption-only incident. There is no explicit ransom amount disclosed on the page, and while a claim URL is indicated, the actual link is not shown here. The post date serves as the event date since no separate compromise date is provided in the metadata.

Media on the leak page is minimal: there are no screenshots or images, and no visible downloadable files or external links appear in the provided data. The page includes a human verification gate (a captcha) before access, indicating an effort to deter automated access. The narrative centers on Insightin Health’s business in the healthcare payer space, with the 378 GB figure signaling a substantial exfiltration, though the excerpt does not specify the data types stolen or any encryption status. The post date remains the primary temporal marker; no confirmed compromise date is stated beyond that posting timestamp.