Resecurity has reported that KillSec ransomware has targeted MedicSolution, a key healthcare software provider in Brazil, compromising over 94,000 files containing sensitive patient data.
According to Resecurity, “The notorious ransomware group KillSec claimed responsibility for a cyberattack on MedicSolution, a software solutions provider for the healthcare industry in Brazil. The group has threatened to leak sensitive data unless negotiations are initiated promptly.”
By striking an IT vendor rather than a single institution, KillSec multiplied its impact. Resecurity explains: “By attacking a major element of the healthcare IT supply chain, KillSec ransomware actors quadrupled their results compared to an attack against an individual target.”
The scale of the stolen data is alarming. Resecurity reports: “The total volume of stolen data exceeds 34 GB, containing over 94,818 files.” The compromised data includes medical evaluations, lab results, X-rays, unredacted patient photos (including minors), and sensitive medical assessments.
Resecurity researchers confirmed the exposure by contacting several patients: “None of whom was aware of this incident as of today.”
Brazil is not alone. KillSec has launched a wave of attacks across Latin America and the U.S. Resecurity notes: “KillSec ransomware actors also targeted healthcare institutions in Colombia, Peru, and the United States a few days before Brazil.” Victims include Archer Health (USA), Suiza Lab (Peru), GoTelemedicina (Colombia), and eMedicoERP (Colombia).
In addition, KillSec previously leaked data from Doctocliq, a Peruvian healthcare platform serving 3,500 doctors in over 20 countries. The group’s activities have also extended outside healthcare, with past breaches affecting organizations in the UAE and the U.S.
Resecurity’s investigation found that KillSec exploited weak cloud security rather than advanced intrusion. “Resecurity was able to conduct an investigation based on available artifacts and locate stolen files stored in exposed AWS cloud buckets.” Alarmingly, “at the time of the ransomware claims, the issue had not been contained and the data remained vulnerable to remote exfiltration.”
The findings have been shared with CERT.br and Brazil’s Autoridade Nacional de Proteção de Dados (ANPD) for containment and enforcement.
With tens of thousands of medical files now in the hands of cybercriminals, and potential hack-and-leak operations looming, healthcare providers must urgently strengthen cloud security controls, vendor audits, and incident response capabilities.
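Because the investigation located the stolen files in exposed AWS buckets, the following added example (not code from Resecurity or from the original article) shows an offline audit that decides whether a bucket's stored configuration leaves a public read path open. The input dictionary layout (`policy`, `acl_grants`, `public_access_block`) and the bucket names are assumptions made for the example; the settings are assumed to be the effective account-plus-bucket values.

```python
import json
from fnmatch import fnmatchcase

GROUPS = "http://acs.amazonaws.com/groups/global/"
PUBLIC_GROUPS = {GROUPS + "AllUsers", GROUPS + "AuthenticatedUsers"}  # ACL grantees open to outsiders
READ_OPS = ("s3:getobject", "s3:listbucket")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wildcard_principal(principal):
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def public_read_findings(bucket):
    """Return reasons the bucket is readable by outsiders; an empty list means none were found.
    Simplification: NotAction/NotPrincipal are not evaluated and Condition blocks are only flagged."""
    pab = bucket.get("public_access_block") or {}
    findings = []
    if not pab.get("IgnorePublicAcls"):  # when set, S3 ignores public ACL grants
        for grant in bucket.get("acl_grants", []):
            uri = grant.get("Grantee", {}).get("URI")
            if uri in PUBLIC_GROUPS and grant.get("Permission") in ("READ", "FULL_CONTROL"):
                findings.append(f"acl:{grant['Permission']}:{uri.rsplit('/', 1)[-1]}")
    if not pab.get("RestrictPublicBuckets"):  # when set, a public policy stops serving anonymous callers
        policy = json.loads(bucket.get("policy") or "{}")
        for stmt in _as_list(policy.get("Statement", [])):
            if stmt.get("Effect") != "Allow" or not _wildcard_principal(stmt.get("Principal")):
                continue
            patterns = [a.lower() for a in _as_list(stmt.get("Action", []))]
            for op in READ_OPS:
                if any(fnmatchcase(op, p) for p in patterns):
                    scope = "conditional" if stmt.get("Condition") else "unconditional"
                    findings.append(f"policy:{op}:{scope}")
    return findings

# Constructed sample inventory (hypothetical buckets, not data from the incident)
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:Get*",
     "Resource": "arn:aws:s3:::example-exports/*"}]})
PUBLIC_ACL = [{"Grantee": {"Type": "Group", "URI": GROUPS + "AllUsers"}, "Permission": "READ"}]
LOCKED = dict.fromkeys(("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets"), True)
INVENTORY = {
    "example-exports": {"policy": OPEN_POLICY},
    # BlockPublicAcls only rejects new public ACLs; an existing public grant stays effective
    "example-scans": {"acl_grants": PUBLIC_ACL, "public_access_block": {"BlockPublicAcls": True}},
    "example-locked": {"policy": OPEN_POLICY, "acl_grants": PUBLIC_ACL, "public_access_block": LOCKED},
}
REPORT = {name: public_read_findings(cfg) for name, cfg in INVENTORY.items()}
```

Any bucket with a non-empty entry in `REPORT` should be reviewed before it holds patient records or other regulated data.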