Healthcare Sector Under Siege: The Impact of Ransomware on Plastic Surgery Practices

Incident Date: Apr 25, 2024

Attack Overview

VICTIM

Dr. Lincoln Graça Neto

INDUSTRY

Healthcare Services

LOCATION

Brazil

ATTACKER

Qiulong

FIRST REPORTED

April 25, 2024

Request Removal

Ransomware Attack on Dr. Lincoln Graça Neto's Clinic by Qiulong Group

Company Profile

Dr. Lincoln Graça Neto, a prominent plastic surgeon based in Curitiba, Brazil, operates a private practice specializing in both humanitarian and cosmetic plastic surgery. His clinic is renowned for providing natural-looking and enduring results, leveraging advanced surgical techniques. Dr. Graça Neto holds an MD, MSc, and PhD, and has contributed to the field with research on innovative breast implant procedures. His professional standing includes former leadership roles in significant plastic surgery training and international plastic surgery organizations.

Ransomware Attack Details

The Qiulong ransomware group, known for its activities primarily in Latin America, has recently targeted Neto's clinic. The attack resulted in the encryption of sensitive data, including nude images of patients, personal data, accounting records, financial documents, contact information, and non-disclosure agreements. This data breach poses significant privacy and security risks to the patients and the clinic's operations.

Ransomware Group Profile: Qiulong

The Qiulong group employs sophisticated tactics similar to those of the Hive and Nokayawa ransomware families. They typically gain access through known valid accounts, exposed Remote Desktop Protocol (RDP) servers, and vulnerabilities in FortiOS. Their modus operandi includes using tools like AdFind for gathering information and distributing malicious executables via internal network mechanisms. The ".play" file extension is commonly used for encrypted files in their attacks.

Vulnerabilities and Industry Impact

The clinic, like many in the healthcare sector, handles sensitive personal and medical information, making it a high-value target for cybercriminals. The combination of high-stakes data and potentially insufficient cybersecurity measures can make healthcare institutions particularly vulnerable to ransomware attacks. The breach not only threatens patient confidentiality but also the clinic's reputation and operational continuity.

Sources

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.