Skip to content
Tips
Support
Sign In Subscribe
Data Breaches

Canadian Clinic WELL Health Kensington Medical Centres Allegedly Breached, 307,000 Patient Records Held to Ransom

 and  Dark Web Informer
10 min read
Breach Report Canada flagCanada Healthcare

Canadian Clinic WELL Health Kensington Medical Centres Allegedly Breached, 307,000 Patient Records Held to Ransom

A threat actor using the alias Kazu is extorting WELL Health Kensington Medical Centres (kmc.cortico.ca), a community medical clinic in Canada that provides family medicine, same-day appointments, virtual care, and specialist referrals to patients of all ages, operating as part of WELL Health Technologies on the Cortico platform. The actor claims to have stolen the personal data of 307,133 patients and is demanding a $70,000 ransom with a deadline of July 12, 2026, threatening to sell the data publicly if the clinic does not pay. The dataset's authenticity and scope are unverified.

Data307,133 patients
Demand$70K ransom
CountryCanada flagCanada
ActorKazu

Post details

TargetWELL Health Kensington Medical Centres
CountryCanada flagCanada
SectorHealthcare
Claim307,133 patients' PII stolen
PlatformWELL Health / Cortico (kmc.cortico.ca)
Demand$70,000 ransom
Deadline
Observed

!Allegedly affected

  • 307,133 patient records (claimed)
  • Primary-care clinic patient PII
  • Patients of all ages
  • Family medicine / virtual care
  • $70,000 ransom demand
  • Deadline: Jul 12, 2026
  • Pay-or-sell extortion
  • Fields not itemized in post

Screenshot

WELL Health Kensington Medical Centres data breach forum post screenshot, June 2026 Screenshot 1 Redacted preview

Potential impact

This is a critical-tier incident because it targets a healthcare provider, exposing the data of hundreds of thousands of patients. Patient information held by a primary-care clinic is inherently sensitive, typically linking identity and contact details to a medical context, and the clinic states it serves patients of all ages, so the affected population may include children and other vulnerable individuals. The post does not itemize the exposed fields, but any confirmed exposure of clinic patient data would create risks of medical identity theft, insurance and prescription fraud, targeted extortion of patients, and serious privacy harm, with effects that cannot be undone by changing a password. The double-extortion framing (pay or the data is sold) raises the likelihood of public exposure if the deadline passes. No patient data, sample records, or attacker contact details are reproduced here. Authenticity and scope are unverified.

iStatus

Unverified

The actor posted an extortion notice with a ransom demand, a deadline, and links to samples and contact channels; the samples and the attacker's contact details are not reproduced here. This listing matches a series of near-identical healthcare extortion posts by the same actor, several targeting Latin American providers, now extending to Canada. The claim has not been independently confirmed and WELL Health / Kensington Medical Centres has not publicly addressed it. The figure of 307,133 patients is notably large for a single community clinic and should be treated with caution pending verification.

Want the non-redacted screenshots? Paid subscribers get all of the claim details and unredacted screenshots. Check out the threat feed or ransomware feed (whichever applies to this post), then after subscribing, search there for this alert to view the unredacted version. View pricing →

DARK WEB INFORMER - THREAT INTELLIGENCE

Related

Latest