Skip to content
Tips? Soon
Support
Sign In Subscribe
Data Breaches

Argentine Telemedicine Platform ConsultorioMovil Allegedly Breached, 1.73 TB Held to Ransom

 and  Dark Web Informer
9 min read
Breach Report Argentina flagArgentina Healthcare

Argentine Telemedicine Platform ConsultorioMovil Allegedly Breached, 1.73 TB Held to Ransom

A threat actor using the alias Kazu is extorting ConsultorioMovil (consultoriomovil.net), a telemedicine and healthcare platform owned by Grupo Cormos (Cormos S.A.), an Argentine health-tech company. The platform provides appointment scheduling, electronic medical records, and online video and messaging telemedicine consultations for doctors, clinics, and medical professionals. The actor claims to have stolen a ~1.73 TB dataset of more than 2 million files and is demanding a $200,000 ransom with a deadline of July 7, 2026, threatening to sell the data publicly if the company does not pay. Because the platform handles clinical documentation and patient communications, the dataset would be expected to contain highly sensitive patient health information. The dataset's authenticity and scope are unverified.

Data1.73 TB
Demand$200K ransom
CountryArgentina flagArgentina
ActorKazu

Post details

TargetConsultorioMovil / Grupo Cormos (consultoriomovil.net)
CountryArgentina flagArgentina
SectorHealthcare / HealthTech
Claim1.73 TB / 2M+ files stolen
DataTelemedicine & EMR data
Demand$200,000 ransom
DeadlineJul 7, 2026
ActorKazu

!Allegedly affected

  • 2,000,000+ files (claimed)
  • 1.73 TB total size
  • Electronic medical records
  • Clinical documentation
  • Appointment scheduling data
  • Telemedicine consultations
  • Patient communications
  • Practice administration data

Screenshot

ConsultorioMovil Argentina alleged breach Screenshot 1 Screenshot 1 Redacted preview

Potential impact

This is a critical-tier incident because it targets a telemedicine and EMR platform, meaning the stolen data would be expected to include protected health information: patient identities, clinical records and diagnoses, prescriptions, appointment and telemedicine histories, and doctor-patient communications. Health data is among the most sensitive and most damaging categories to expose, enabling medical identity theft, insurance fraud, targeted extortion of patients, and serious privacy harm, with effects that cannot be undone by changing a password. The double-extortion framing (pay or the data is sold) also raises the likelihood of public exposure if the deadline passes. No patient records, sample data, or attacker contact details are reproduced here. Authenticity and scope are unverified.

iStatus

Unverified

The actor posted an extortion notice with a ransom demand, a deadline, and links to samples and contact channels; the samples, the attacker's contact details, and any patient data are not reproduced here. This follows a near-identical listing by the same actor against another regional healthcare platform. The claim has not been independently confirmed and ConsultorioMovil / Grupo Cormos has not publicly addressed it.

Want the non-redacted screenshots? Paid subscribers get all of the claim details and unredacted screenshots. Check out the threat feed or ransomware feed (whichever applies to this post), then after subscribing, search there for this alert to view the unredacted version. View pricing →

DARK WEB INFORMER - THREAT INTELLIGENCE

Related

Latest