[QILIN] – Ransomware Victim: NurseSpring

AI Generated Summary of the Ransomware Leak Page

On October 22, 2025, a leak post attributed to the ransomware group qilin identified NurseSpring, a United States-based healthcare provider that specializes in home health care, healthcare staffing, and nurse recruitment, as a victim. The post frames the incident as a data-leak event rather than a traditional encryption attack and claims that sensitive data has been exfiltrated from NurseSpring’s network. The attackers state that the total volume of exfiltrated data is unknown at the time of posting and indicate that additional information would be released later; there is no explicit ransom amount disclosed in the excerpt. The leak page includes a claim URL and features three images that appear to be screenshots or internal documents, hosted on a Tor onion service. A data-share address and credentials are referenced in the text, but those details are redacted in this summary. The overall presentation aligns with double-extortion patterns in which attackers threaten to publish stolen data to pressure payment.

The page’s content emphasizes NurseSpring’s role in providing in-home health services, staffing, and nurse recruitment within the United States, and the posted date serves as the page date rather than necessarily reflecting a known compromise date. The leak also indicates that the amount of data downloaded remains unknown and that more information would be provided later, which is typical of ongoing leak campaigns. Three images are included on the page, described in the metadata as screenshots or internal documents; they are hosted on an onion-addressed domain, and their exact contents are not disclosed in the summary. No direct ransom figure or encryption status is stated in the excerpt, and there is a link claim present, suggesting additional material or a demand may be offered through the linked resource.