Wound Technology Network, known as Woundtech, a Florida-based mobile wound treatment provider, disclosed that unauthorized individuals accessed its systems between 6 December 2025 and 9 December 2025, and that it became aware of the intrusion on 2 January 2026.
FulcrumSec, a threat actor group, produced highly detailed analyses of the data tranche. The data originally consisted of 6.7 terabytes in an S3 bucket, of which 335 GB were exfiltrated. The tranche falls into two groups: complete Snowflake database exports and S3 bucket files.
Among the Snowflake exports, 2,266,857 rows covered clinical wound assessment notes, with 928,073 unique PATIENTID values; 86,377 named patients with full demographics were identified in NAMM_CAPDATA, and 3,523 insurance-claims patients were recorded in NAMMDATA. In the S3 portion, FulcrumSec reported about 178,886 files, roughly half being clinical wound photographs and PDFs.
FulcrumSec claimed the most reliable patient total was the figure of 928,073 unique PATIENTID values, spanning over four years of operations, while estimating hundreds of thousands more patients in the full dataset. FulcrumSec proposed redacting sensitive data before leaking it and offered to provide a proxy to perform the redaction; Woundtech allegedly refused to participate in the redaction process.
Woundtech issued a substitute notice on 16 March 2026 and notified the California Attorney General’s Office. The potentially impacted data is listed as including names, dates of birth, contact details, clinical notes, PHI and limited SSNs. The incident has prompted questions about why Woundtech did not accept FulcrumSec’s redaction offer or the deletion option they advertised for affected patients.