A Dangerous Cyberattack on Healthcare

Brazil’s healthcare industry has been hit hard by a dangerous cyberattack. A ransomware group known as KillSec has claimed responsibility for breaking into the systems of MedicSolution, a company that provides software to hospitals and clinics in the country. The attackers say they have stolen sensitive medical information and threaten to release it online unless victims start talks quickly.

Cybersecurity experts who studied the case revealed that attackers took the data from an insecure storage system hosted on Amazon’s cloud services. The experts believe the attackers exposed the information for several months before anyone noticed the breach. This makes the incident one of the most serious supply chain breaches Brazil’s healthcare sector has ever faced.

The stolen data includes more than 34 gigabytes of files, totaling almost 95,000 documents. These files contain highly sensitive medical records, lab results, X-rays, and even unredacted patient photographs. Some of the stolen pictures show body parts, and records of children are also included.

Resecurity, a cybersecurity firm monitoring the incident, identified several patients in the stolen files. The firm contacted those patients, but they did not know their private information had been compromised. The attack shows that ransomware groups not only target organizations but also directly harm innocent people who never expect their medical data to appear online.

Brazil Not the First Target

This is not the first time that KillSec has attacked Brazil. In the past, the same group leaked personal and business data that included financial identifiers, bank details, and government-related information.

However, this time the attack on MedicSolution has shown that the group can cause serious damage. Unlike earlier breaches that targeted government resources, the current incident involves the private healthcare sector. Sensitive medical data, especially lab results and health assessments, is far more personal and harmful when exposed.

How Cyber Attacks on Industrial Control Systems Can Endanger Lives ?

KillSec has also been expanding its operations outside Brazil. Just days before this latest attack, the group announced that it had successfully compromised healthcare providers in Colombia, Peru, and the United States. The list of victims included organizations such as Archer Health in the U.S., Suiza Lab in Peru, and GoTelemedicina and eMedicoERP in Colombia.

A month earlier, KillSec also leaked data from Doctocliq, a healthcare software platform in Peru that works with thousands of doctors across more than 20 countries. The group has not limited itself to healthcare alone.

Brazil’s Data Protection Laws and Penalties

Brazil has strict laws to protect personal data, especially health records. The country’s main regulation is the Lei Geral de Proteção de Dados (LGPD), or General Data Protection Law, which came into full effect in 2020. Under this law, health-related information is considered “sensitive personal data.” That means organizations handling it must follow strict rules for storage, processing, and security.

The Autoridade Nacional de Proteção de Dados (ANPD), Brazil’s national data protection authority, enforces the law.  In 2024, the ANPD carried out a major audit of healthcare institutions across Brazil.

Bridgestone Hit by Suspicious Cyberattack as Operations Disrupted in US and Canada

The ANPD fined 15 healthcare organizations a combined BRL 12 million (about USD 2.4 million) during this audit for failing to use encryption and for lacking proper response plans in case of cyberattacks.

Since 2023, the ANPD has imposed over BRL 98 million (nearly USD 20 million) in fines across all sectors. Healthcare remains one of the most targeted industries, not only by hackers but also by regulators who have identified repeated weaknesses in protecting sensitive data.

The attack on MedicSolution shows how those weaknesses can be exploited by cybercriminals. With nearly 95,000 files stolen, the scale of this ransomware attack makes it one of the most damaging breaches in Brazil’s healthcare industry to date.