Palawan Medical Mission Group Multipurpose Cooperative Targeted in Qilin Ransomware Attack
PUERTO PRINCESA CITY, Palawan – The Palawan Medical Mission Group Multipurpose Cooperative (PMMGMPC), operating as Palawancoop Hospital, appears to be the latest victim in a suspected ransomware attack by the notorious Qilin ransomware group. While PMMGMPC has not yet released an official statement regarding the incident, evidence from leaked documents suggests a compromise of their systems, impacting critical patient data and hospital operations.
Documents posted on Qilin's website, purportedly from the cooperative, include detailed X-ray reports and clinical chemistry results. The X-ray report, dated November 7, 2024, shows findings related to skull and thoracic cage examinations. Similarly, a clinical chemistry result, also dated November 7, 2024, outlines patient potassium and sodium levels.
Another leaked image, identified as a "company file," indicates that "All data of this company will be available for download on 22.06.2025," along with a mention of "45000 files | 30.00 GB" of data. This timeline and the scale of the claimed data exfiltration are hallmarks of Qilin's double extortion tactics, where data is stolen and threatened for public release if a ransom is not paid.
Qilin, a ransomware-as-a-service (RaaS) operation that has been active since 2022, is known for targeting critical sectors globally, with a particular focus on healthcare organizations. The group often employs sophisticated techniques, including spear phishing and exploiting vulnerabilities in remote access services, to gain initial entry into networks.
Once inside, they typically encrypt systems and exfiltrate sensitive data, demanding a ransom for decryption and to prevent the public release of the stolen information.
The potential impact of such an attack on a healthcare institution like PMMGMPC could be significant, disrupting patient services and potentially exposing sensitive medical information. The healthcare sector remains a prime target for ransomware groups due to the critical nature of its services and the valuable personal and medical data it holds.
As of this report, there has been no official confirmation from PMMGMPC regarding the nature or extent of the alleged cyberattack, nor any details about a ransom demand.
The public and affected individuals are advised to stay vigilant for any official announcements from PMMGMPC and to be cautious of any suspicious communications that may arise in the wake of this alleged data compromise.
Our Data Breach Notification Division reached out to PMMGMPC to inform them of the suspected incident and the circulating data as well.
