[QILIN] – Ransomware Victim: apderm[.]com


Ransomware Group: QILIN

VICTIM NAME: apderm[.]com

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.


AI Generated Summary of the Ransomware Leak Page

APDerm, the largest physician-owned dermatology clinic in New England, operates 25 locations across New Hampshire, Massachusetts, and Rhode Island. A leak page attributed to the threat actor group Qilin, published on August 13, 2025, describes a ransomware incident in which the group claims that APDerm was compromised and that its data was exfiltrated and publicly disclosed. The post frames this as a data-leak event rather than a pure encryption of systems, and asserts that personal data belonging to patients has been made publicly accessible. According to the post, the leaked materials include driver’s licenses, phone numbers and addresses, bank account details, and complete treatment schedules and costs, alongside APDerm’s historical financial reports. The post warns that the breach could lead to reputational damage and regulatory scrutiny, and asserts that at least 9,000 patients are affected by the exposure. The published date is August 13, 2025; no explicit compromise date is provided in the data available.

Evidence and attachments: The leak page includes nine image attachments intended to illustrate the claimed data. The content describes internal documents and financial records as part of the data exfiltration claim. There are references to a redacted Jabber contact and a redacted data-sharing indicator, but these items are not disclosed in the publicly visible excerpt. The threat actor is said to host materials on a Tor onion service, with the images described in the post as being hosted on that domain. No direct URLs are reproduced in this summary. The date of publication remains August 13, 2025, which is the post date rather than a separate compromise date.

Implications and risk considerations: For APDerm and similar healthcare providers, this incident underscores the ongoing risk to patient privacy when personal data, including identifiers, contact details, and treatment records, may be exposed in a data-leak scenario. If the claims are verified, the breach could trigger regulatory notification obligations and require comprehensive post-breach remediation, including data-security enhancements, encryption, access controls, and auditing of historic records. The leak’s presentation (nine illustrative images and a Tor-hosted data set) highlights the need for rigorous data governance and rapid incident response to mitigate patient impact and reputational harm. Note: all non-public personal information shown in the leak excerpt has been redacted.

