Shadow Tier cyber intelligence
Back to overview
Palauhealth logo
palauhealth.org
Palauhealth
Confidence MediumFeb 20, 2025palauhealth.org

Qilin ransomware group claims hack of Palau Ministry of Health and Human Services

PatternExternal actor · Malware · Confidentiality impact

The Qilin ransomware group claimed responsibility for a cyberattack on the Palau Ministry of Health and Human Services (MHHS) in a leak post dated February 20, 2025. The group threatened to release stolen data. The MHHS confirmed a cyberattack and an ongoing investigation, stating that patient data, including billing summaries for Belau National Hospital patients (2018-2022), names, addresses, phone numbers, dates of birth, diagnoses, and procedures, was compromised.

Signal date
Feb 20, 2025
Updated
Jun 26, 2026
Confidence
Medium
Sources
3 sources
palauhealth.org logo

Palauhealth

Sector
Health Care and Social Assistance
Signals
1 linked
Scan this company

Signal context

First seen: Feb 20, 2025

Last updated: Jun 26, 2026

Status: Public signal

Key points

  • Qilin ransomware group claimed responsibility on February 20, 2025.
  • Patient data compromised, including billing summaries, personal, and health information.
  • MHHS confirmed cyberattack and ongoing investigation.

Signal analysis

Beta

This analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.

Affected organization
Palauhealth logo
Palauhealth

Sector: Health Care and Social Assistance

Likely country: 🇦🇺 Australia, 🇬🇧 United Kingdom

inferred from source domains

    Estimated
    Threat source
    Malware, Hacking, Error activity

    Watch ransomware, endpoint compromise and business interruption exposure.

    • Source type: outside the affected organization
    Business impact
    Potential operational disruption

    Impact area: Confidentiality, Availability

    Likely asset: User or customer data

    Trend context
    98 signals with similar action pattern
    • 6 signals in the same sector
    • 100 signals with the same likely impact area
    • 1 signal linked to this organization/domain
    Mentioned entities
    PalauhealthData DisclosureQilinPalau Ministry of Health andHuman Services The QilinHuman ServicesMHHSThe MHHSBelau National HospitalPatient

    External sources

    Related signals

    Grouped by why the signal is relevant.

    viennaairport.com logoViennaairportJun 23, 2026
    Same action patternSame impact area

    Vienna Airport Targeted in APT73/Bashe Ransomware Attack

    The ransomware group APT73/Bashe claimed responsibility for a cyberattack against Vienna Airport (Flughafen Wien AG) on June 23, 2026, threatening to leak sensitive data. The airport acknowledged a limited leakage of old cargo-related files from one email inbox but denied a broader system compromise.

    mckaysugar.com.au logoMckaysugarJun 21, 2026
    Same action patternSame impact area

    McKay Sugar Cyber Incident by Gentlemen Ransomware Group

    McKay Sugar, a major Australian sugar producer, suffered a cyber incident that disrupted operations at its Farley and Racecourse Mills. The Gentlemen ransomware group claimed responsibility for the attack around June 15-16, 2026, on their leak site. Public reporting indicated that McKay Sugar was working to verify what data was stolen or accessed. The ransomware group claimed to have stolen over 26 million records containing PII of customers and other internal data. The incident was discussed in public reporting around June 21, 2026.

    comta.com.tw logoComtaJun 19, 2026
    Same action patternSame impact area

    Como Furniture Enterprises Data Breach by LockBit

    Como Furniture Enterprises, a mold design and manufacturing company based in Taiwan, was reported to have suffered a data breach discovered on June 19, 2026, with the LockBit ransomware group identified as the threat actor. The group has threatened to leak sensitive data unless their demands are met.

    sandhillsmedical.org logoSandhillsmedicalJun 15, 2026
    Same sectorSame action patternSame impact area

    Sand Hills Medical Foundation Hit by Inc Ransomware, Patient Data Leaked

    Sand Hills Medical Foundation in South Carolina was impacted by the Inc ransomware group, which claimed responsibility and leaked stolen data on June 15, 2026. Approximately 169,000 patients were affected, with exposed data including Protected Health Information (PHI), Social Security numbers, driver's licenses, and passports.

    kodak.com logoKodakJun 15, 2026
    Same action patternSame impact area

    Kodak Confirms Data Breach After ShinyHunters Ransomware Claim

    Eastman Kodak confirmed that an unauthorized third party accessed a limited amount of company data. This confirmation followed the ShinyHunters ransomware group listing Kodak on their leak site on June 15, 2026, and threatening to publish over 2.2 million records of customer personally identifiable information and internal corporate files.

    huntsvillehospital.org logoHuntsvillehospitalJun 26, 2026
    Same sectorSame action patternSame impact area

    Huntsville Hospital Health System Notifies Patients of Data Exposure from Cerner Breach

    Huntsville Hospital Health System informed patients on June 26, 2026, about a data exposure stemming from a 2025 breach on Cerner's (now Oracle Health) legacy systems. The breach, which occurred on January 22, 2025, exposed personal and medical information. Cerner had notified its healthcare clients, including Huntsville Hospital, on August 12, 2025, but patient notification was delayed at the request of law enforcement.