[QILIN] – Ransomware Victim: The Blood and Marrow Transplant Group of Georgia
NOTE: No files or stolen information are exfiltrated, downloaded, taken, hosted, seen, reposted, or disclosed by RedPacket Security. Any legal issues relating to the content should be directed at the attackers, not RedPacket Security. This blog is an editorial notice informing that a company has fallen victim to a ransomware attack. RedPacket Security is not affiliated with any ransomware threat actors or groups and will not host infringing content. The information on this page is automated and redacted whilst being scraped directly from the QILIN Onion Dark Web Tor Blog page.
AI Generated Summary of the Ransomware Leak Page
On October 19, 2025, a leak page attributed to the ransomware group Qilin published information about The Blood and Marrow Transplant Group of Georgia (BMTGA). The victim operates in the healthcare sector, specializing in blood and marrow stem cell transplantation, acute leukemia treatment, and CAR T-cell immunotherapy. The page describes BMTGA as a premier provider in the Southeast, citing exceptional survival outcomes that purportedly exceed expectations for allogeneic and unrelated donor transplants and noting collaboration with referring physicians to ensure comprehensive patient care. The post frames the incident as a data leak associated with a cyber intrusion, indicating that data has been exfiltrated. The post also states that the exact amount of downloaded data is unknown at the moment and includes a defanged claim URL to support the breach claim. The leak page features a gallery of three images; the images are described only in general terms as screenshots or internal documents, with no detailed description of their contents in the excerpt.
In addition to descriptive content, the leak provides artifacts such as a redacted contact mechanism and access details. The body excerpt references a Jabber contact and a TOX code, along with an FTP-style data-sharing address; credentials and specific addresses have been redacted in this summary. No ransom amount is publicly disclosed in the excerpt; the combination of a claim URL and an explicit data-exfiltration claim aligns with common double-extortion ransomware patterns observed in the threat landscape. The post is dated October 19, 2025, which serves as the post date rather than a confirmed compromise date. The three included images—likely screenshots of internal materials—are not described in detail here. The incident underscores persistent cybersecurity risks to healthcare providers handling sensitive patient and clinical data and illustrates the ongoing use of public data leaks as a tactic that may accompany potential extortion.