Skip to content
Tips? Soon
Support
Sign In Subscribe
Data Breaches

Argentine Telemedicine Platform Meducar Allegedly Breached, 3.1 Million Patient Records Held to Ransom

 and  Dark Web Informer
10 min read
Breach Report Argentina flagArgentina Healthcare

Argentine Telemedicine Platform Meducar Allegedly Breached, 3.1 Million Patient Records Held to Ransom

A threat actor using the alias Kazu is extorting Meducar (meducar.com), a Latin American telemedicine and patient-management platform owned by Grupo Cormos, an Argentine health-tech company. The platform provides appointment scheduling, electronic health records, clinical-history management, electronic prescriptions, and telemedicine for doctors and clinics. The actor claims to have stolen the personal data of 3,197,677 users and is demanding a $150,000 ransom with a deadline of July 9, 2026, threatening to sell the data publicly if the company does not pay. The exposed fields reportedly include patients' names, emails, gender, date of birth, nationality, marital status, home address, city, phone and WhatsApp numbers, profession, health-insurance (obra social) coverage and member numbers, and religion. The dataset's authenticity and scope are unverified.

Data3.1M users
Demand$150K ransom
CountryArgentina flagArgentina
ActorKazu

Post details

TargetMeducar / Grupo Cormos (meducar.com)
CountryArgentina flagArgentina
SectorHealthcare / HealthTech
Claim3,197,677 users' PII stolen
DataPatient PII + health insurance + religion
Demand$150,000 ransom
DeadlineJul 9, 2026
ActorKazu

!Allegedly affected

  • 3,197,677 user records (claimed)
  • Full names & emails
  • Date of birth & gender
  • Home address & city
  • Phone, WhatsApp & ref numbers
  • Health insurance & member numbers
  • Nationality, marital status, profession
  • Religion (special-category data)

Screenshot

Meducar Argentina alleged breach Screenshot 1 Screenshot 1 Redacted preview

Potential impact

This is a critical-tier incident because it targets a telemedicine and patient-management platform, exposing the data of millions of patients. The records reportedly combine full identity data (names, dates of birth, home addresses, contact and WhatsApp numbers) with health-related information (health-insurance coverage and member numbers, in the context of a platform holding clinical histories and prescriptions) and special-category data including religion. Health data and religion are among the most sensitive and most damaging categories to expose, enabling medical identity theft, insurance fraud, targeted extortion of patients, discrimination, and serious privacy harm, with effects that cannot be undone by changing a password. The double-extortion framing (pay or the data is sold) raises the likelihood of public exposure if the deadline passes. No patient records, sample data, or attacker contact details are reproduced here. Authenticity and scope are unverified.

iStatus

Unverified

The actor posted an extortion notice with a ransom demand, a deadline, and links to samples and contact channels; the samples, the attacker's contact details, and any patient data are not reproduced here. This is the latest in a series of near-identical healthcare extortion listings by the same actor, including against another Grupo Cormos platform. The claim has not been independently confirmed and Meducar / Grupo Cormos has not publicly addressed it.

Want the non-redacted screenshots? Paid subscribers get all of the claim details and unredacted screenshots. Check out the threat feed or ransomware feed (whichever applies to this post), then after subscribing, search there for this alert to view the unredacted version. View pricing →

DARK WEB INFORMER - THREAT INTELLIGENCE

Related

Latest