Ransomware Group: QILIN

VICTIM NAME: healthtrust[.]org

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to a healthcare organization operating under the domain healthtrust.org, located in the United States. The attack was discovered on June 5, 2025, and involved a data breach targeting sensitive information. According to initial reports, all data associated with this organization is scheduled to be made available for download on June 17, 2025. The leak appears to include internal records, which may pose a significant threat to patient privacy and organizational confidentiality. The page contains a screenshot illustrating internal documents or data, emphasizing the seriousness of the breach. No specific details about the compromised data are disclosed publicly, but the leak could potentially impact numerous stakeholders within the healthcare sector. Cybercriminals associated with the group ‘qilin’ are responsible for this attack, and the incident underscores ongoing risks facing healthcare providers.

The breach is part of a broader attack campaign targeting organizations with sensitive data, with the threat actor planning to distribute the stolen information in the near future. The compromised organization has a history rooted in local healthcare services, with origins dating back to the late 20th century. The incident not only highlights vulnerabilities in healthcare data security but also raises concerns about the potential misuse of confidential health information. The leak’s public availability on the dark web emphasizes the need for ongoing cybersecurity vigilance among healthcare entities, especially in handling protected health information (PHI). The breach’s timeline and the presence of visual evidence on the leak page suggest a carefully orchestrated attack intended to pressure the organization and its stakeholders.