KillSec Ransomware Hits Brazilian Healthcare Software Provider

Summary

The KillSec ransomware group has claimed responsibility for a breach at MedicSolution, a Brazilian healthcare software and cloud-services provider. Researchers at Resecurity report more than 34GB of stolen data spanning over 94,000 files — including lab results, X-rays, unredacted patient images and records of minors. The root cause appears to be exposed or misconfigured AWS S3 buckets, with a potential exposure window stretching back months. Several patients contacted by researchers were unaware their data had been compromised.

Key Points

  • Victim: MedicSolution, a cloud services provider for clinics and medical practices in Brazil.
  • Data stolen: >34GB and 94,000+ files containing sensitive medical records, images and records of minors.
  • Root cause: Data exfiltration from insecure/exposed AWS S3 buckets; buckets reportedly remained vulnerable when investigated.
  • Supply-chain effect: Breach of a single provider risks many downstream healthcare organisations and their patients.
  • Regional activity: KillSec also claims recent victims in the US, Peru and Colombia; linked to prior leaks from Doctocliq in Peru.
  • Detection gap: Some affected patients were unaware their data had been exposed until researchers alerted them.
  • Recommended mitigations: continuous cloud security monitoring, attack surface management (ASM), third‑party risk monitoring and ongoing threat intelligence.

Context and Relevance

This incident highlights the continuing trend of attackers targeting suppliers to amplify impact — supply-chain compromises are especially dangerous in healthcare because of the sensitivity of patient data and regulatory exposure. Misconfigured cloud storage (notably S3 buckets) remains a low-cost, high-yield vector for extortion groups. Organisations using third‑party platforms to host patient records should treat supplier cloud hygiene as a direct part of their own cyber risk profile.
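As an added example (not from the source article or from Resecurity's research), the check below shows the kind of rule a continuous cloud monitoring job applies to S3 configuration snapshots. It assumes the inputs have the shapes returned by the S3 GetPublicAccessBlock, GetBucketAcl and GetBucketPolicy calls; the bucket name and all sample data are constructed, and treating any `Condition` as non-public is a simplification.

```python
import json

# Grantee URIs that S3 uses for "everyone" and "any AWS account" in bucket ACLs.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def audit_bucket(name, pab, acl_grants, policy_json):
    """Return findings for one bucket's configuration snapshot."""
    pab = pab or {}  # None means no Block Public Access configuration exists
    findings = []
    # Public ACL grants take effect unless IgnorePublicAcls is enabled.
    if not pab.get("IgnorePublicAcls"):
        for grant in acl_grants:
            uri = grant.get("Grantee", {}).get("URI", "")
            if uri in PUBLIC_GROUPS:
                findings.append(f"{name}: ACL grants {grant.get('Permission')} to {uri.rsplit('/', 1)[-1]}")
    # A public bucket policy takes effect unless RestrictPublicBuckets is enabled.
    if policy_json and not pab.get("RestrictPublicBuckets"):
        for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
            if (stmt.get("Effect") == "Allow" and "Condition" not in stmt
                    and _is_wildcard(stmt.get("Principal"))):
                findings.append(f"{name}: policy allows {','.join(_as_list(stmt.get('Action', [])))} to any principal")
    if not all(pab.get(key) for key in PAB_KEYS):
        findings.append(f"{name}: Block Public Access not fully enabled")
    return findings

# Constructed sample data: a world-readable policy and ACL on a hypothetical bucket.
PUBLIC_POLICY = json.dumps({"Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-records/*"}]})
PUBLIC_ACL = [{"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
               "Permission": "READ"}]

if __name__ == "__main__":
    for label, pab in (("no PAB", None), ("full PAB", dict.fromkeys(PAB_KEYS, True))):
        print(label, audit_bucket("example-records", pab, PUBLIC_ACL, PUBLIC_POLICY))
```

With all four Block Public Access settings enabled the same policy and ACL produce no findings, which is why that setting is usually the first control to verify on buckets holding patient records.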

Why should I read this?

Short version: if you run cloud services, manage healthcare data, or look after third‑party risk, this one matters. It’s a neat example of how an exposed S3 bucket can turn into tens of thousands of breached files — and how patients often don’t even know they’re affected. We’ve read the detail so you don’t have to; take the quick wins (ASM, continuous cloud monitoring, threat intel) and action them.

Source

Source: https://www.darkreading.com/cyberattacks-data-breaches/killsec-ransomware-brazil-healthcare-software-provider
