Ransomware Group: WORLDLEAKS

VICTIM NAME: Coalinga Regional Medical Center

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the WORLDLEAKS Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Coalinga Regional Medical Center, a healthcare institution located in Coalinga, California, United States. The facility provides essential medical services including emergency care, diagnostic imaging, surgical procedures, and rehabilitation. Despite ongoing financial challenges, the organization continues to serve the local community’s healthcare needs. The leak was discovered on July 21, 2025, and was publicly accessible through a dark web platform dedicated to information leaks related to ransomware attacks. The page features a screenshot of internal documents, indicating data compromise and potential exposure of sensitive medical information. Additionally, it mentions that the breach involves information-stealer malware, although specific details are not disclosed. The leak underscores the importance of cybersecurity measures in protecting healthcare data from malicious actors.

The leak page includes a visual screenshot highlighting internal documents or system interfaces, suggesting successful extraction of electronic records. While no explicit download links were provided, the presence of a dedicated claim URL implies affected data may include patient or operational information. The healthcare provider’s activity focuses on medical care, and the breach site is hosted on a dark web platform under the group name “worldleaks.” The incident emphasizes the growing threat of cyberattacks targeting critical infrastructure such as healthcare facilities. The organization’s ongoing operations amidst financial difficulties highlight the critical need for robust cybersecurity protocols to safeguard patient confidentiality and operational continuity in the face of evolving cyber threats.