Long Island Weight Loss Institute Hit by Qilin Ransomware Attack, Exposing Sensitive Patient Data
On September 22, 2025, the Long Island Weight Loss Institute (LIWLI), a medical weight loss clinic with locations in Smithtown, East Meadow, Port Jefferson Station, and Amityville, New York, detected unusual activity in its computer systems. After securing its network and enlisting third-party cybersecurity experts, the company confirmed a ransomware attack had compromised sensitive patient data.
The hacking group Qilin claimed responsibility for the breach, announcing on October 19, 2025, via the dark web that it had exfiltrated 13 GB of organizational data. The exposed information included a wide range of personally identifiable and protected health data, such as:
- Personal details: Names, addresses, phone numbers, email addresses, dates of birth, Social Security numbers, passport numbers, driver’s license numbers, and government-issued photo IDs.
- Medical records: Medical record numbers, treatment information, lab results, diagnoses, prescription details, and health insurance data.
- Financial data: Billing and payment records, invoices, and credit card/bank account information.
The types of exposed data varied by individual. LIWLI completed its investigation and began mailing notifications to affected patients on January 5, 2026.
The breach underscores the growing threat of ransomware attacks targeting healthcare providers, where sensitive patient data remains a high-value target for cybercriminals. The incident highlights the potential for long-term risks, including identity theft, financial fraud, and medical fraud, for those impacted. Legal investigations into the breach are ongoing, with affected individuals potentially eligible for compensation through class action litigation.
Source: https://www.claimdepot.com/investigations/long-island-weight-loss-institute-data-breach-2026
Long Island Weight Loss Institute cybersecurity rating report: https://www.rankiteo.com/company/long-island-weight-loss-institute
"id": "LON1770197737",
"linkid": "long-island-weight-loss-institute",
"type": "Ransomware",
"date": "9/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Smithtown, East Meadow, Port Jefferson '
'Station, Amityville, New York',
'name': 'Long Island Weight Loss Institute (LIWLI)',
'type': 'Medical weight loss clinic'}],
'customer_advisories': 'Mailed notifications to affected patients on January '
'5, 2026',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': ['Names',
'Addresses',
'Phone numbers',
'Email addresses',
'Dates of birth',
'Social Security '
'numbers',
'Passport numbers',
'Driver’s license '
'numbers',
'Government-issued '
'photo IDs',
'Medical record '
'numbers',
'Treatment '
'information',
'Lab results',
'Diagnoses',
'Prescription details',
'Health insurance '
'data',
'Billing and payment '
'records',
'Invoices',
'Credit card/bank '
'account information'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal details',
'Medical records',
'Financial data']},
'date_detected': '2025-09-22',
'date_publicly_disclosed': '2025-10-19',
'description': 'On September 22, 2025, the Long Island Weight Loss Institute '
'(LIWLI) detected unusual activity in its computer systems. '
'After securing its network and enlisting third-party '
'cybersecurity experts, the company confirmed a ransomware '
'attack had compromised sensitive patient data. The hacking '
'group Qilin claimed responsibility for the breach, announcing '
'on October 19, 2025, via the dark web that it had exfiltrated '
'13 GB of organizational data, including personally '
'identifiable and protected health information.',
'impact': {'brand_reputation_impact': 'Potential long-term risks including '
'identity theft, financial fraud, and '
'medical fraud',
'data_compromised': '13 GB of organizational data',
'identity_theft_risk': 'High',
'legal_liabilities': 'Ongoing legal investigations, potential '
'class action litigation',
'payment_information_risk': 'High'},
'investigation_status': 'Completed',
'lessons_learned': 'The breach underscores the growing threat of ransomware '
'attacks targeting healthcare providers, where sensitive '
'patient data remains a high-value target for '
'cybercriminals.',
'motivation': 'Financial gain',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Qilin'},
'references': [{'date_accessed': '2025-10-19',
'source': 'Dark web announcement by Qilin'}],
'regulatory_compliance': {'legal_actions': 'Ongoing legal investigations, '
'potential class action '
'litigation'},
'response': {'communication_strategy': 'Mailed notifications to affected '
'patients on January 5, 2026',
'containment_measures': 'Secured network',
'incident_response_plan_activated': 'Yes',
'third_party_assistance': 'Yes'},
'threat_actor': 'Qilin',
'title': 'Long Island Weight Loss Institute Hit by Qilin Ransomware Attack',
'type': 'Ransomware'}