KillSec Ransomware is Attacking Healthcare Institutions in Brazil

KillSec Ransomware claimed responsibility for a cyberattack on MedicSolution, a software solutions provider for the healthcare industry in Brazil. The KillSec Ransomware group has threatened to leak sensitive data unless negotiations are initiated promptly. According to threat intelligence reporting by Resecurity, the root cause of the incident was data exfiltration from an insecure AWS S3 bucket. Considering the investigation performed by cybersecurity experts, the window of exposure can be estimated at ‘several months.’ This is probably the first notable supply chain incident affecting the healthcare industry in Brazil.

Unfortunately, this time KillSec Ransomware hit Brazil hard. Stolen healthcare data contain sensitive laboratory results reports, medical assessments, and other privacy-sensitive information. Resecurity identified several patients and contacted them – none of whom were aware of this incident as of today. Cybercriminals use stolen data from healthcare institutions for extortion, understanding that it will cause significant damage not only to the victim organization but also to its end customers, with numerous patients not expecting their information to be published online.

The total volume of stolen data exceeds 34 GB, containing over 94,818 files. The compromised data include:

• Medical evaluations
• Medical lab results
• X-rays
• Unredacted patient pictures, including those showing body parts
• Records related to minors

To read the complete article see: Read more.