338/68 Friday, September 12, 2025

The KillSec ransomware group has claimed responsibility for a cyberattack against MedicSolution, a Brazilian healthcare software provider, threatening to leak stolen data if negotiations are not initiated. According to a report by Resecurity, the incident stemmed from data exfiltration via an unsecured AWS S3 bucket, which had been left exposed for several months. This marks one of the most severe supply chain incidents affecting Brazil’s healthcare sector.
The stolen data amounts to over 34 GB across 94,818 files, including laboratory test results, medical assessments, X-rays, patient photos, and even data belonging to minors. These are classified as sensitive personal data and could be weaponized for blackmail and extortion, directly impacting both the organization and its patients.
KillSec has also expanded its attacks across Latin America and the United States, targeting organizations such as Archer Health (U.S.), Suiza Lab (Peru), GoTelemedicina and eMedicoERP (Colombia), and Doctocliq (Peru), the latter serving over 3,500 physicians in 20 countries. Healthcare is considered particularly vulnerable because of the strict personal data protection regulations under Brazil’s LGPD, which in 2024 led to penalties exceeding 12 million Brazilian reais (~USD 2.4 million) against healthcare institutions.
This incident underscores the high value of healthcare data on the dark web and highlights that the healthcare sector is becoming a prime target for ransomware groups.
Source: https://securityaffairs.com/182063/cyber-crime/killsec-ransomware-is-attacking-healthcare-institutions-in-brazil.html