[QILIN] – Ransomware Victim: Deco Dental

NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.

Ransomware group: QILIN
Victim name: DECO DENTAL

AI Generated Summary of the Ransomware Leak Page

Deco Dental, a United States-based healthcare provider, is identified as a ransomware victim in a leak post attributed to the threat actor group qilin. The post is dated 2025-11-02 13:15:59.067726. The leak page describes the incident as a data-exfiltration event typical of double-extortion campaigns and notes the presence of a claim URL. The page also embeds three screenshots that appear to depict internal documents or data artifacts. In the body excerpt, a line labeled “TOX” is followed by a hex string: 7C35408411AEEBD53CDBCEBAB167D7B22F1E66614E89DFCB62EE835416F60E1BCD6995152B68.

Deco Dental is identified within the Healthcare sector in the United States on the leak page, with three attached images and a claim URL present. The excerpt does not explicitly state whether encryption occurred or which data were affected, though the format aligns with ransomware leak postings designed to pressure victims. The imagery is described as screenshots, and the hex-tag line under “TOX” provides a unique attacker marker. No direct download links are visible on the page beyond the claimed portal.

CTI context and recommended actions: This entry underlines the continuing risk to healthcare providers from ransomware operators like qilin. For Deco Dental, defenders should verify whether any patient or operational data was exfiltrated, assess regulatory exposure, and prepare appropriate notification steps if required. Monitoring for updates or further data releases tied to the claim URL is advised, alongside strengthening backup and incident-response measures. The presence of three screenshots and a hex-tag “TOX” marker is consistent with double-extortion playbooks, and analysts should track any related activity across campaigns for indicators of compromise and actor TTPs.
