KillSec Ransomware Hits Brazilian Healthcare IT Vendor

A ransomware attack claimed by the group KillSec has disrupted MedicSolution, a software provider serving Brazil’s healthcare sector.

On September 8, 2025, the hackers reportedly threatened to leak stolen data unless negotiations were initiated.

According to a new advisory by Resecurity, the breach could affect a wide range of medical providers and patients, given MedicSolution’s central role in the healthcare supply chain.

Supply Chain Breach and Data Exposure

By targeting a software vendor instead of a single clinic, the attackers expanded their reach dramatically.

Resecurity stated that the group obtained more than 34 GB of data comprising 94,818 files, including:

  • Medical evaluations
  • Lab results
  • X-rays
  • Unredacted patient photos, including body images
  • Records related to minors

The stolen files appear to involve institutions such as Vita Exame, Clinica Especo Vida, Centro Diagnostico Toledo, Labclinic and Laboratório Alvaro.

KillSec has previously targeted Brazilian entities, leaking personal and financial data from government systems. The latest incident, however, strikes directly at healthcare operations. Stolen medical records can be used for extortion, causing harm to both providers and patients.

According to Resecurity, the data was not taken through a complex hack but was left exposed in misconfigured AWS cloud buckets.

The exposure highlights persistent gaps in incident response and monitoring across the sector.

Despite outreach from investigators, MedicSolution has not issued a public response.

Wider Campaign and Regulatory Context

The attack is part of a broader campaign in Latin America and beyond. In recent weeks, KillSec has claimed responsibility for breaches at Archer Health in the US, Suiza Lab in Peru, and Colombian providers GoTelemedicina and eMedicoERP.

One month earlier, the group leaked data from Doctocliq, a Peruvian platform serving more than 3500 doctors in 20 countries.

Healthcare organizations in Brazil are bound by the Lei Geral de Proteção de Dados (LGPD), which classifies health data as sensitive and requires strong safeguards, explicit consent and breach reporting within three business days.

The Autoridade Nacional de Proteção de Dados (ANPD) enforces compliance and has issued fines totaling over BRL 98 million ($20m USD) across all sectors since 2023, with healthcare among the hardest hit.

Resecurity warned that KillSec may still be preparing further disclosures in Brazil, underlining the sector’s ongoing vulnerability to cybercrime.
