Ransomware Group: QILIN

VICTIM NAME: Fullerton Surgical Center (FSC)

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

On August 20, 2025, a leak page attributed to the threat actor group “qilin” details an intrusion targeting Fullerton Surgical Center (FSC), a US-based healthcare clinic offering a range of surgical and specialty services. The post frames the incident as a data leak rather than a traditional encryption event and states that highly sensitive patient information has been exposed. The attackers claim they exfiltrated a substantial volume of data and imply that the stolen material may be released publicly or disclosed. The page hints at civil action and substantial compensation as potential consequences, but there is no explicit ransom amount disclosed in the excerpt.

The leak page includes 12 image attachments that appear to be screenshots or thumbnails of internal documents and related graphics accompanying the claim. These visuals are typical of data-leak postings designed to substantiate the breach and illustrate the scope of the exfiltrated material. In addition to the textual content, the page lists contact channels and a data-transfer point—a Jabber contact (redacted in this sanitized summary) and an FTP-style access line. The credentials and addresses are defanged or redacted for publication. The post also notes the presence of a claim URL for negotiation or verification, though no direct URLs are shown here.

The post date for this leak is August 20, 2025, which functions as the publication date for the breach information since no separate compromise date is provided in the excerpt. The content centers on FSC as the victim and emphasizes the privacy and regulatory risks associated with the exposure of patient data. PII has been redacted in this summary, including the redaction of emails and other identifying details, while preserving the core breach facts—data exfiltration, potential public release, and the threat actor’s messaging. The summary retains the victim name exactly as provided and avoids naming other entities beyond FSC, in line with the briefing’s focus.