[NOVA] – Ransomware Victim: Regency Specialist Hospital
NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the NOVA Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
Regency Specialist Hospital, a tertiary care facility founded in 2009 and located in Bandar Seri Alam, Malaysia, is named as a ransomware victim in a leak post attributed to the threat actor group Nova. The hospital’s profile on the page describes its inpatient and outpatient services, supported by a full range of diagnostic, radiology, and clinical laboratory capabilities. The post frames Regency Specialist Hospital as the target of a data breach with data exfiltration, consistent with double-extortion-style campaigns common to modern ransomware operations. The page includes a claim URL intended for negotiation with the attackers and a gallery of internal images intended to document the breach; in total, the leak presents 30 image attachments described as screenshots or internal documents. The metadata provides a post date of October 16, 2025, and there is no explicit compromise date stated for Regency within the available excerpt, so the post date is used as the temporal reference for this entry. The surrounding content on the page references other victims and a broader data-leak timeline, which aligns with the actor’s published narrative.
The leak page’s evidence for Regency Specialist Hospital consists of a gallery of 30 images, described in general terms as screenshots or internal documents. The images are hosted on defanged, onion-style endpoints to prevent direct access. The post signals a negotiation channel via the claim URL and presents the event within a broader October 2025 window, consistent with ongoing disclosure activity common to Nova’s postings. While the Regency entry does not display a stated ransom amount in the available text, the page’s overall structure—victim profile, evidence gallery, and a negotiation link—reflects a typical ransomware data-leak post rather than a simple encryption notice. For incident responders, this suggests a potential data-exfiltration scenario affecting healthcare data, warranting routine diligence such as incident triage, asset and data mapping, and regulatory notification where applicable.
Support Our Work
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on Patreon or Buy Me A Coffee using the buttons below.
