MedImpact

MedImpact, a major U.S.-based pharmacy benefit manager (PBM) and healthcare solutions provider, suffered a ransomware attack attributed to the Russian-based group Qilin. The incident prompted immediate protective measures from affiliated entities like Security Health Plan, which assured patients that their personal information remained secure and that care disruptions were minimized. Qilin, known for high-profile ransomware campaigns, has claimed over 700 attacks in 2025 alone, signaling a persistent and escalating threat to healthcare infrastructure. While MedImpact’s statement did not confirm data exfiltration, the involvement of a prolific ransomware group raises concerns about potential exposure of sensitive patient data, including prescription records, personal identifiers, or financial details tied to pharmacy benefits. The attack underscores vulnerabilities in third-party healthcare vendors, which serve as critical but often targeted links in the supply chain. Recovery efforts likely involved containment, forensic analysis, and coordination with cybersecurity firms to mitigate risks of further exploitation or regulatory penalties under HIPAA or other data protection laws.

Source: https://www.wsaw.com/2025/10/30/area-hospital-says-patient-information-is-secure-after-cyber-attack/

TPRM report: https://www.rankiteo.com/company/medimpact

"id": "med5262052103025",
"linkid": "medimpact",
"type": "Ransomware",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'United States',
                        'name': 'MedImpact',
                        'size': 'One of the largest independent PBMs in the '
                                'U.S.',
                        'type': 'Pharmacy Benefit Manager (PBM)'},
                       {'industry': 'Healthcare',
                        'location': 'Marshfield, Wisconsin, U.S.',
                        'name': 'Security Health Plan (Marshfield Clinic)',
                        'type': 'Healthcare Provider / Health Plan'}],
 'customer_advisories': 'Members and patients advised of protective measures',
 'data_breach': {'personally_identifiable_information': 'Claimed to be secure '
                                                        '(no confirmation of '
                                                        'breach)'},
 'description': "Marshfield Clinic's pharmacy benefit manager, MedImpact, "
                'experienced a ransomware attack claimed by the Russian-based '
                'ransomware group Qilin. The incident prompted Security Health '
                'Plan to implement protective measures to safeguard patient '
                'information and minimize care disruption. Qilin has '
                'reportedly conducted over 700 ransomware attacks in 2025.',
 'impact': {'brand_reputation_impact': 'Potential erosion of trust among '
                                       'patients and members',
            'operational_impact': 'Potential disruption to patient care',
            'systems_affected': ['Pharmacy benefit management systems']},
 'investigation_status': 'Ongoing (protective measures implemented)',
 'ransomware': {'data_encryption': 'Likely (standard ransomware tactic)'},
 'references': [{'date_accessed': '2025', 'source': 'WSAW News'},
                {'date_accessed': '2025', 'source': 'Cybernews.com'}],
 'response': {'communication_strategy': 'Public statement released to reassure '
                                        'members and patients',
              'incident_response_plan_activated': 'Yes (proactive measures '
                                                  'implemented)'},
 'stakeholder_advisories': 'Public statement released by Security Health Plan',
 'threat_actor': 'Qilin (Russian-based ransomware group)',
 'title': 'Cybersecurity Incident Involving MedImpact Pharmacy Benefit Manager',
 'type': 'Ransomware Attack'}