A Brazil-based healthcare software provider, MedicSolution, was targeted on September 8, 2025, by the ransomware group KillSec, which claimed responsibility for the attack and threatened to leak sensitive data unless negotiations began promptly. The incident underscores the growing risk to healthcare infrastructure when attacks hit IT vendors in the supply chain.
Resecurity, which tracked the breach, said the strike leveraged a key supply-chain foothold to reach multiple healthcare organizations, magnifying potential harm. The campaign led to the exposure of more than 34 gigabytes of data across some 94,818 files, spanning medical evaluations, laboratory results, X-rays, unredacted patient photographs, and records involving minors. The attack illustrates why supply-chain compromises can yield broader, more damaging outcomes than assaults on a single target.
KillSec’s activity has extended beyond Brazil in recent days, with reported intrusions in Colombia, Peru, and the United States. Victims publicly associated with the campaign include Archer Health in the United States, Suiza Lab in Peru, GoTelemedicina and eMedicoERP in Colombia, as well as Doctocliq in Peru, among others. The group has previously targeted a mix of healthcare and non-healthcare entities, raising concerns about ongoing, region-wide pressure on the sector.
Investigators say the breach involved exposed cloud storage, with stolen files found in plaintext in accessible AWS buckets. Resecurity noted that data remained exposed during the initial stages of the incident, highlighting gaps in containment and incident response. In its efforts to facilitate containment, the firm alerted key national authorities, including CERT.br and the Autoridade Nacional de Proteção de Dados (ANPD), which oversees Brazil’s data-protection regime. The disclosure suggests the attackers may have exploited misconfigurations or weak access controls rather than novel exploits.
The incident adds to a growing record of privacy and security concerns in Brazil’s healthcare sector, where regulators have proceeded with enforcement actions and court decisions in response to data breaches. Brazilian courts have typically favored claimants in data-protection disputes, particularly where health information is involved. Regulators like the ANPD have pursued penalties and corrective measures to strengthen privacy protections and breach response capabilities.
Experts emphasize that the healthcare sector’s rapid digital transformation — including cloud-based systems, connected devices, and electronic medical records — expands the attack surface and heightens risk. The government-level response includes stricter enforcement under the Lei Geral de Proteção de Dados (LGPD), with authorities such as the ANPD, ANVISA, and the CFM pursuing compliance, audit, and sanctions when breaches occur. The landscape remains dynamic as regulators balance patient privacy with the operational needs of health services.
As a preventative measure, Resecurity recommends healthcare organizations bolster data protection policies, secure explicit consent for processing sensitive health data, restrict access to authorized personnel, and report breaches to the ANPD and affected individuals within three business days. Ongoing cyber threat intelligence and digital risk monitoring are urged, alongside proactive asset discovery and vulnerability management to mitigate exposure in complex IT environments.