
Colombian Healthcare Platform SaludTools Allegedly Breached, 2.3 TB of Records Held to Ransom


A threat actor using the alias Kazu is extorting SaludTools (saludtools.com), a Colombian health-tech company that provides a cloud-based practice-management and electronic medical record (EMR/EHR) platform for physicians, clinics, and healthcare professionals. The actor claims to have stolen a ~2.3 TB dataset of roughly 4.6 million files and is demanding a $400,000 ransom with a deadline of July 7, 2026, threatening to sell the data publicly if the company does not pay. Because the platform handles clinical documentation, appointments, telemedicine, billing, and regulatory reporting, the dataset would be expected to contain highly sensitive patient health information. The dataset's authenticity and scope are unverified.

Data: 2.3 TB
Demand: $400K ransom
Country: Colombia
Actor: Kazu

Post details

Target: SaludTools (saludtools.com), EMR/EHR platform
Country: Colombia
Sector: Healthcare / HealthTech
Claim: 2.3 TB / ~4.6M files stolen
Data: EMR/EHR & practice-management data
Demand: $400,000 ransom
Deadline: Jul 7, 2026
Actor: Kazu

Allegedly affected

  • ~4,599,294 files (claimed)
  • 2.3 TB total size
  • Electronic medical records (EMR/EHR)
  • Clinical documentation
  • Appointments & telemedicine data
  • Billing & insurance records
  • Regulatory reporting data
  • Patient engagement data

Potential impact

This is a critical-tier incident because it targets a healthcare EMR/EHR platform, meaning the stolen data would be expected to include protected health information: patient identities, clinical records and diagnoses, appointment and telemedicine histories, and billing and insurance details. Health data is among the most sensitive and most damaging categories to expose, enabling medical identity theft, insurance fraud, targeted extortion of patients, and serious privacy harm, with effects that cannot be undone by changing a password. The double-extortion framing (pay or the data is sold) also raises the likelihood of public exposure if the deadline passes. No patient records, sample data, or attacker contact details are reproduced here. Authenticity and scope are unverified.

Status

Unverified

The actor posted an extortion notice with a ransom demand, a deadline, and links to samples and contact channels; the samples, the attacker's contact details, and any patient data are not reproduced here. The claim has not been independently confirmed and SaludTools has not publicly addressed it.

DARK WEB INFORMER - THREAT INTELLIGENCE
