Qilin Claims Responsibility for Utsunomiya Central Clinic After Recent Palau Ransomware Attack

• The Russia-linked Qilin threat actor’s latest claimed victim after a Palau Ministry is a clinic in Japan.
• The Utsunomiya Central Clinic data breach may have impacted around 300,000 patients.
• Leaked data includes personal information and medical details from over 178,000 files.

The Qilin hacking group, also known as Agenda Ransomware, has taken responsibility for a recent ransomware attack targeting the Utsunomiya Central Clinic in Japan, resulting in a significant data breach that potentially affected as many as 300,000 individuals.  

The attack, which occurred on February 10, 2025, granted unauthorized access to the clinic's servers and led to the exfiltration of approximately 140 GB of sensitive data, comprising 178,319 files. 

Among the stolen data were BOD secretary data, X-rays, medical records, radiology and ECG data, specific examination information, and personal details relating to Japanese citizens. A sample of the data has already been leaked online, further raising concerns about the breach's potential impact.  

This attack follows the Russian threat actor’s involvement in a February 17 ransomware attack on the Ministry of Health and Human Services (MHHS) in Palau, disrupting operations at the Belau National Hospital. MHHS has recently recovered from the cyberattack.

The Palauan government, alongside cybersecurity experts from Australia and the United States, managed to isolate and resolve that incident within 48 hours. Despite this swift response, some sensitive patient billing data and personal information were leaked.  

The ramifications of the attack on Utsunomiya Central Clinic are far-reaching. Data breaches of this scale compromise individual privacy and shake public trust in healthcare providers’ ability to secure patient information. 

Qilin is a known Ransomware-as-a-Service (RaaS) group focusing on the healthcare sector. Healthcare systems, already grappling with limited IT resources, are increasingly under strain by ransomware attacks. 

Last month, the notorious ransomware gang claimed to have stolen the data of Japan-based tech manufacturer Hikari Seiko. In October, a new, Rust-written and resilient Qilin variant called “Qilin.B” was identified.