{"id":2756,"date":"2025-09-10T17:57:55","date_gmt":"2025-09-10T17:57:55","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2025\/09\/10\/killsec-ransomware-hits-brazilian-healthcare-it-vendor\/"},"modified":"2025-09-10T17:57:55","modified_gmt":"2025-09-10T17:57:55","slug":"killsec-ransomware-hits-brazilian-healthcare-it-vendor","status":"publish","type":"post","link":"http:\/\/ft365.org\/index.php\/2025\/09\/10\/killsec-ransomware-hits-brazilian-healthcare-it-vendor\/","title":{"rendered":"KillSec Ransomware Hits Brazilian Healthcare IT Vendor"},"content":{"rendered":"<div id=\"cphContent_pnlArticleBody\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>A ransomware attack claimed by the group KillSec has disrupted MedicSolution, a software provider serving Brazil\u2019s healthcare sector.<\/p>\n<p>On September 8 2025, the hackers reportedly threatened to leak stolen data unless negotiations were initiated.<\/p>\n<p>According to a new advisory by Resecurity, the breach could affect a wide range of medical providers and patients, given MedicSolution\u2019s central role in the healthcare supply chain.<\/p>\n<h2>Supply Chain Breach and Data Exposure<\/h2>\n<p>By targeting a software vendor instead of a single clinic, the attackers expanded their reach dramatically.<\/p>\n<p>Resecurity stated that the group obtained more than 34 GB of data\u00a0comprising 94,818 files, including:<\/p>\n<ul>\n<li>\n<p>Medical evaluations<\/p>\n<\/li>\n<li>\n<p>Lab results<\/p>\n<\/li>\n<li>\n<p>X-rays<\/p>\n<\/li>\n<li>\n<p>Unredacted patient photos, including body images<\/p>\n<\/li>\n<li>\n<p>Records related to minors<\/p>\n<\/li>\n<\/ul>\n<p>The stolen files appear to involve institutions such as Vita Exame, Clinica Especo Vida, Centro Diagnostico Toledo, Labclinic\u00a0and Laborat\u00f3rio Alvaro.<\/p>\n<p><em>Read more on healthcare data breaches: Healthcare Sector Takes 58 Days to Resolve Serious Vulnerabilities<\/em><\/p>\n<p>KillSec has previously targeted Brazilian entities, leaking personal and financial data from government systems. The latest incident, however, strikes directly at healthcare operations. Stolen medical records can be used for extortion, causing harm to both providers and patients.<\/p>\n<p>According to Resecurity, the data was not taken through a complex hack but was left exposed in misconfigured AWS cloud buckets.<\/p>\n<p>The exposure highlights persistent gaps in incident response and monitoring across the sector.<\/p>\n<p>Despite outreach from investigators, MedicSolution has not issued a public response.<\/p>\n<h2>Wider Campaign and Regulatory Context<\/h2>\n<p>The attack is part of a broader campaign in Latin America and beyond. In recent weeks, KillSec has claimed responsibility for breaches at Archer Health in the US, Suiza Lab in Peru, and Colombian providers GoTelemedicina and eMedicoERP.<\/p>\n<p>One month earlier, the group leaked data from Doctocliq, a Peruvian platform serving more than 3500 doctors in 20 countries.<\/p>\n<p>Healthcare organizations in Brazil are bound by the Lei Geral de Prote\u00e7\u00e3o de Dados (LGPD), which classifies health data as sensitive and requires strong safeguards, explicit consent and breach reporting within three business days.<\/p>\n<p>The Autoridade Nacional de Prote\u00e7\u00e3o de Dados (ANPD) enforces compliance and has issued fines totaling over BRL 98 million ($20m USD) across all sectors since 2023, with healthcare among the hardest hit.<\/p>\n<p>Resecurity warned that KillSec may still be preparing further disclosures in Brazil, underlining the sector\u2019s ongoing vulnerability to cybercrime.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>A ransomware attack claimed by the group KillSec has disrupted MedicSolution, a software provider serving Brazil\u2019s healthcare sector. On September 8 2025, the hackers reportedly threatened to leak stolen data unless negotiations were initiated. According to a new advisory by Resecurity, the breach could affect a wide range of medical providers and patients, given MedicSolution\u2019s<\/p>\n","protected":false},"author":2,"featured_media":2757,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2756","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2756-c9ea190c-3805-4fc8-a60a-9722e40b60ae.jpg",300,300,false],"thumbnail":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2756-c9ea190c-3805-4fc8-a60a-9722e40b60ae-150x150.jpg",150,150,true],"medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2756-c9ea190c-3805-4fc8-a60a-9722e40b60ae.jpg",300,300,false],"medium_large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2756-c9ea190c-3805-4fc8-a60a-9722e40b60ae.jpg",300,300,false],"large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2756-c9ea190c-3805-4fc8-a60a-9722e40b60ae.jpg",300,300,false],"1536x1536":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2756-c9ea190c-3805-4fc8-a60a-9722e40b60ae.jpg",300,300,false],"2048x2048":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2756-c9ea190c-3805-4fc8-a60a-9722e40b60ae.jpg",300,300,false],"morenews-featured":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2756-c9ea190c-3805-4fc8-a60a-9722e40b60ae.jpg",300,300,false],"morenews-large":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2756-c9ea190c-3805-4fc8-a60a-9722e40b60ae.jpg",300,300,false],"morenews-medium":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2756-c9ea190c-3805-4fc8-a60a-9722e40b60ae.jpg",300,300,false],"crawlomatic_preview_image":["http:\/\/ft365.org\/wp-content\/uploads\/2025\/09\/2756-c9ea190c-3805-4fc8-a60a-9722e40b60ae-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"http:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"http:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2756","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=2756"}],"version-history":[{"count":0,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/2756\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/2757"}],"wp:attachment":[{"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=2756"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=2756"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=2756"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}