Qilin claims attacks on cancer, women’s clinics • The Register

03/05/2025


Qilin – the “no regrets” ransomware crew wreaking havoc on the global healthcare industry – just claimed responsibility for fresh attacks on a cancer treatment clinic in Japan and a women’s healthcare facility in the US.

Qilin is the same group responsible for multiple attacks on healthcare orgs across the globe including one that locked up pathology labs across NHS facilities in the UK for weeks, and its spokesperson once famously told The Reg in an interview that it had no regrets, even after seeing the extensive disruption it caused to people’s healthcare.

On Monday, it took credit for locking up systems at Japan’s Utsunomiya Central Clinic (UCC), which confessed it had been attacked by ransomware flingers on February 18. Along with its boasts, Qilin published a sample of what it claims is stolen clinic data.

The gang claims to have stolen 140 GB of files, which, judging by the leaked sample, include patients’ personally identifiable information (PII), medical histories, treatment details, and images from scans and exploratory procedures.

Then on Tuesday, Qilin claimed responsibility for an attack on Rockhill Women’s Care, an all-female-owned obstetrics and gynecology facility in Kansas City.

As with UCC, the cyber crooks leaked a sample of the alleged total 20 GB of stolen documents online, including what appear to be patients’ full names, ages, home addresses, phone numbers, their insurance companies, partial medical histories, treatment information, and details of current conditions. 

Some documents covered medical test results and listed individuals’ medical conditions, which in some cases were extensive. A number of documents also detailed contraception procedures for people as young as 16.

UCC’s woes began on February 10, per its disclosure, when it imposed temporary restrictions on medical services, but it later confirmed the incident involved ransomware and the personal data of around 300,000 patients was compromised.

The clinic said the targeted system contained personal data on both patients and staff, including doctors, nurses, and non-clinical employees.

At the time of writing, Rockhill hadn’t officially disclosed its ongoing issues as a cybersecurity event. It alerted its social media followers to an unscheduled closure of its facilities last week owing to “technical difficulties.” 

That closure lasted two days – it reopened on February 27 but warned those technical difficulties were still unresolved. 

Its website still displays a banner reading: “We are open and seeing patients for scheduled appointments. We are still working through technical issues and appreciate your patience,” but there is nothing that publicly acknowledges the alleged data theft.

Qilin is the same group behind the attack on NHS pathology services supplier Synnovis last year, the attack which led to thousands of rescheduled procedures and in one severe case, as The Register reported, cancer patients being left with incomplete treatments.

Among its other high-profile attacks is the one on social enterprise The Big Issue, a company set up to help homeless people, or those on the brink of homelessness, earn money that can help them reintegrate into society. 

The gang is staffed by cybercriminals believed to be based in Russia, who belong to a sect of scumbags willing to steal and extort from critical services like cancer treatment centers, and plaster patients’ most sensitive secrets online.

Even the likes of LockBit, one of the most prolific ransomware organizations in history, was known to exercise its moral compass on occasion. It apologized for attacks on Toronto children’s hospital SickKids and Olympia Community Unit School District 16 in years gone by, claiming an affiliate went rogue and broke internal rules.

A Chicago children’s hospital LockBit hit in a separate attack last year wasn’t given the same reprieve.

The shock factor of ransomware attacks is generally quite low nowadays, except in cases where the impact on wider society is much more severe than usual, or if you’re the business owner who has had their systems breached.

But in cases involving children, charities, healthcare, and other sensitive organizations that lead to data leakage, such attacks tend to attract significantly more criticism and calls for reversal – calls that are rarely answered.

Qilin’s growing list of attacks involving these types of sensitive organizations won’t help its chances of evading law enforcement’s disruption efforts, which have reportedly been in the planning stages for months. ®
