leaksear.ch indexed 80,361 records tied to Allure Clinics, with a breach date of September 16, 2025 (leaksear.ch metadata). Allure Clinics is a Riyadh medical-practices company offering cosmetic medical services, and the indexed dataset is described as data exfiltrated by KillSec from its BDtask hospital-management system, including patient names, phones, health or profile attributes and staff credential data (leaksear.ch metadata) (linkedin.com).
What happened
DeXpose reported on September 16, 2025 that KillSec claimed responsibility for a cyberattack on Allure Clinics in Saudi Arabia and threatened to release sensitive patient information (dexpose.io). HookPhish separately listed Allure Clinics as a KillSec ransomware target on the same date, with a healthcare-sector entry and the target domain allureclinics.com (hookphish.com).
Ransomware.live also lists Allure Clinics among KillSec victims discovered on September 16, 2025, and its group page describes KillSec as an active ransomware-as-a-service operation with healthcare among its top tracked sectors (ransomware.live). The public sources cited here confirm the KillSec claim or listing, but they do not identify an initial access method, ransom amount, Allure-issued confirmation, or an independently verified intrusion path.
The leaksear.ch metadata names the source system as a BDtask hospital-management system (leaksear.ch metadata). BDtask markets its HMS software for hospital and clinic operations, including patient management, appointments, prescriptions, billing, human resources, lab and pharmacy workflows, and hospital information system functions (bdtask.com).
What data was exposed
The searchable pivots indexed for this leak are country, name and phone (leaksear.ch metadata). Stored non-searchable fields include age, BMI, created date, family-name fields in English and Arabic, Arabic name, patient code, alternate phone, phone code, type, height, weight, and a field indicating how the patient knew the clinic (leaksear.ch metadata).
The metadata description also indicates that patient mobile data, vitals and staff credential data are present (leaksear.ch metadata). This article does not include raw leaked records, credential values, passwords, hashes, or sample patient data.
Why this matters
Names and phone numbers linked to a healthcare or cosmetic-clinic relationship can support targeted phishing, appointment scams, billing fraud attempts, and social engineering against patients or staff. Health-related attributes such as BMI, height, weight and patient codes increase the privacy risk because they can make lures more believable and help correlate a person across datasets (leaksear.ch metadata). Staff credential data, if valid or reused, can create account-takeover risk, but no credential details are published here. If you think you may be affected, check your exposure on leaksear.ch using the available country, name or phone pivots.
Check your exposure
Vetted researchers and incident-response teams can request access or sign in if they already have access to check this dataset. Searchable pivots for this leak include country, name, and phone.