In a concerning development, the Qilin ransomware group has claimed responsibility for the February 10th cyberattack on the Utsunomiya Central Clinic (UCC), a prominent cancer treatment center in Japan. The attack has compromised the sensitive health information of approximately 300,000 patients and rendered the clinic’s systems inoperable.
UCC reported the attack on February 18th, describing network issues that had occurred a week earlier. Upon discovering the breach, the clinic took immediate steps to disconnect its servers from the internet, disrupting its ability to provide medical services. As a result, its systems were unable to function and the clinic had to restrict its consultation and medical checkup services.
Qilin, a growing player in the ransomware landscape, has been escalating its attacks since the start of 2025. The group uses a ransomware-as-a-service (RaaS) model and is known for its double extortion tactics. This attack marks another high-profile breach for the gang, which previously targeted the UK’s NHS and other organizations across various sectors.
According to Cybernews, the Qilin group, also known by some as “Agenda,” announced the encryption of UCC’s network and the exfiltration of 135GB of data, including medical records, patient information, scans, and more. Qilin boasted of stealing 178,319 files, detailing sensitive personal and medical information such as names, dates of birth, health check data, and medical histories of patients. Notably, the clinic emphasized that financial data, including credit card details and social security numbers, were not compromised.
Qilin also shared several samples of the stolen data, Cybernews explained, including medical documents and radiology images showing cancer diagnostics, to demonstrate the severity of the breach. In a taunting message, the ransomware group warned patients that their sensitive health data, including medical images, might be exposed due to the clinic’s failure to protect the data.
The clinic has urged patients to be cautious of suspicious emails or calls, has set up a hotline for inquiries, and is actively working to restore its services. Despite the disruption, UCC has vowed to keep the public updated on its progress.
As the investigation into the UCC attack continues, this breach highlights the increasing sophistication of ransomware groups like Qilin, who not only disrupt vital services but also jeopardize the privacy and security of sensitive health data. The healthcare sector, already a prime target for cybercriminals, must prioritize strengthening its cybersecurity defenses to protect against such devastating attacks. With Qilin showing no signs of slowing down, organizations worldwide must remain vigilant and proactive in defending their networks against these evolving threats.