Qilin claims large pharmacy benefit manager MedImpact
Qilin has already claimed responsibility for more than 700 ransomware attacks this year alone but the gang isn’t stopping there. It’s just claimed that it has exfiltrated data from the large US pharmacy benefit manager, MedImpact.
-
A ransomware gang breached MedImpact, a company whose systems serve over 50 million healthcare members.
-
Attackers leaked limited number of documents detailing financial operations, claims data, and bank account summaries.
-
MedImpact confirmed ransomware presence, implemented containment measures, and is rebuilding systems in segregated infrastructure.
On its leak site, the Qilin cybercriminal gang said it has breached MedImpact, one of the largest independent pharmacy benefit managers and healthcare solution providers in the US.
MedImpact, a company that serves over 50 million members for major health plans, employers, and government programs, soon acknowledged that it had identified ransomware on certain systems and said it began “implementing containment and mitigation measures.”
Cybernews has reached out to MedImpact for additional comment and will update the article once a reply is received.
Qilin’s announcement is pretty murky, Cybernews researchers say. The gang only provides a few data snippets containing mostly financial operation details which don’t seem to contain extremely sensitive personal data.
The data, for instance, includes commission and claims remittance reports between companies which are integrated with MedImpact in their operations. They don’t show detailed information about the patients who used the insurance.
MedImpact’s bank account balance summary of one month is also provided and only includes an account number and a log of transactions: their numbers, dates, and amounts paid.
“This mainly reveals financial operation details, for example, how much partner companies are getting in commission, or summaries on how much money the company is spending,” said Cybernews researchers.
“This information could expose business strategies to competitors and might also be used for reconnaissance.”
Of course, since MedImpact indeed processes over a million healthcare claims daily, Qilin may have more sensitive information on its hands, saving it for the right moment.
The company itself said in a press release that it has launched an investigation “with the assistance of one of the nation’s leading cybersecurity firms” and is notifying the authorities.
“MedImpact is currently working to restore impacted systems in a new environment that is segregated from the prior infrastructure and protected by multiple layers of defense,” said the company.
What is Qilin?
Qilin is a prolific Russia-based group that first appeared in 2022. It began being talked about only in 2023, when it claimed 45 attacks. In 2024, the number of its victims jumped to 179, and then quadrupled this year.
Some of the big recent attacks by Qilin include a cyberattack on Asahi Holdings, Japan’s largest brewer, which caused a shortage of the country’s most popular beers, soft drinks, and cold teas.
After an alleged attack on Volkswagen Group France, the gang claimed to have exfiltrated about 2,000 files and 150GB of data consisting of sensitive client, employee, and business information.
Unlock more exclusive Cybernews content on YouTube.
