FriendlyCare Pharmacy Hit by Kairos Ransomware Attack, 113GB of Sensitive Data Stolen
FriendlyCare Pharmacy, a Queensland-based chain with seven locations offering pharmaceutical, health, and personal care services, has been targeted in a ransomware attack by the Kairos group. The threat actors claim to have exfiltrated 113GB of data, which they listed on their dark web leak site overnight.
A sample of the stolen data, posted by Kairos, includes medical records, prescription details, incident reports, employment correspondence, and licensing documents all containing sensitive personal information such as names and medical histories. The leaked files appear to originate from the company’s Booval location.
Kairos has set a six-day deadline before publishing the full dataset, accusing FriendlyCare of concealing the breach. In a statement to Cyber Daily, the group framed its actions as a public service, stating: “FriendlyCare Pharmacy is currently keeping quiet about the data leak. We believe that people should know about what has happened.” FriendlyCare has not yet responded to requests for comment.
About the Kairos Ransomware Group
Kairos, first observed in November 2024, operates on Russian-language hacking forums and has claimed at least 79 victims to date. The group follows a structured extortion process:
- Seven-day response window for victims to engage.
- If no agreement is reached, the breach is publicly disclosed.
- Failure to comply results in full data publication, followed by notifications to partners, customers, and competitors potentially triggering legal, financial, and reputational damage.
Kairos’ most recent Australian victim was Seagrass Boutique Hospitality Group, breached on 12 February 2026. The group’s tactics mirror those of other ransomware operations, though CYJAX threat intelligence indicates no direct ties to established cybercriminal collectives.
Friendly Care cybersecurity rating report: https://www.rankiteo.com/company/friendly-care
"id": "FRI1776328117",
"linkid": "friendly-care",
"type": "Ransomware",
"date": "4/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Healthcare/Pharmaceutical',
'location': 'Queensland, Australia',
'name': 'FriendlyCare Pharmacy',
'size': '7 locations',
'type': 'Pharmacy Chain'}],
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes (names, medical '
'histories)',
'sensitivity_of_data': 'High (contains personally '
'identifiable information and medical '
'histories)',
'type_of_data_compromised': ['Medical records',
'Prescription details',
'Incident reports',
'Employment correspondence',
'Licensing documents']},
'description': 'FriendlyCare Pharmacy, a Queensland-based chain with seven '
'locations offering pharmaceutical, health, and personal care '
'services, has been targeted in a ransomware attack by the '
'Kairos group. The threat actors claim to have exfiltrated '
'113GB of data, which they listed on their dark web leak site '
'overnight. A sample of the stolen data includes medical '
'records, prescription details, incident reports, employment '
'correspondence, and licensing documents containing sensitive '
'personal information such as names and medical histories.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'public disclosure',
'data_compromised': '113GB of sensitive data',
'identity_theft_risk': 'High risk due to exposure of medical and '
'personal data',
'legal_liabilities': 'Potential legal liabilities due to data '
'exposure'},
'motivation': 'Extortion',
'ransomware': {'data_exfiltration': 'Yes (113GB stolen)',
'ransomware_strain': 'Kairos'},
'references': [{'source': 'Cyber Daily'}],
'threat_actor': 'Kairos',
'title': 'FriendlyCare Pharmacy Hit by Kairos Ransomware Attack',
'type': 'Ransomware'}