Ransomware Group: INCRANSOM

VICTIM NAME: arkansasprimarycare[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the INCRANSOM Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Arkansas Primary Care Clinic PA, a healthcare provider based in Little Rock, Arkansas, operating within the Hospitals & Physicians Clinics industry. The incident was discovered on April 24, 2025, with the breach initially identified at 11:32 AM on the same day. The leak involves sensitive data, including detailed employee contact information and internal data, which has reportedly been compromised. The total stolen data volume is approximately 370GB, indicating a significant breach of internal records and potentially patient-related information. The leak exposes various contact details within the organization, highlighting the critical impact on employee privacy and organizational integrity. The incident underscores the ongoing threat to healthcare organizations, which are often targeted for their valuable and sensitive information. No explicit PII of patients or clients appears publicly listed, but the breach emphasizes the importance of robust cybersecurity measures. The ransomware group has shared a screenshot of internal documents related to the victim, suggesting they may have accessed extensive staff records. The victim’s website is linked, and the threat actor’s group has made this information publicly available, possibly for leverage or extortion purposes.

The leak includes a public link, and the threat actor claims to have stolen a significant amount of data, including employee files and operational information. The compromised data could pose risks such as identity theft, phishing, or further targeted attacks. Although the specific details of the stolen content are not fully disclosed, the presence of a screenshot depicting internal documents indicates a breach of confidential organizational data. The incident demonstrates the ongoing danger faced by healthcare providers from cybercriminal groups seeking financial gains through ransomware. The breach impacts the organization’s reputation and operational security, emphasizing the need for continual cybersecurity vigilance. The threat group has not released lock or encryption details publicly, but the leak reveals the scale of the breach and potential exposure of sensitive workplace data.