Healthcare Sector Under Siege: The Impact of Ransomware on Plastic Surgery Practices

Incident Date: April 25, 2024

Dr. Lincoln Graça Neto




Curitiba, Brazil

First Reported: April 25, 2024

Ransomware Attack on Dr. Lincoln Graça Neto's Clinic by Qiulong Group

Company Profile

Dr. Lincoln Graça Neto, a prominent plastic surgeon based in Curitiba, Brazil, operates a private practice specializing in both humanitarian and cosmetic plastic surgery. His clinic is renowned for providing natural-looking and enduring results, leveraging advanced surgical techniques. Dr. Graça Neto holds an MD, MSc, and PhD, and has contributed to the field with research on innovative breast implant procedures. His professional standing includes former leadership roles in significant plastic surgery training and international plastic surgery organizations.

Ransomware Attack Details

The Qiulong ransomware group, known for its activities primarily in Latin America, has recently targeted Dr. Graça Neto's clinic. The attack resulted in the encryption of sensitive data, including nude images of patients, personal data, accounting records, financial documents, contact information, and non-disclosure agreements. This data breach poses significant privacy and security risks to the patients and to the clinic's operations.

Ransomware Group Profile: Qiulong

The Qiulong group employs sophisticated tactics similar to those of the Hive and Nokoyawa ransomware families. They typically gain access through valid accounts, exposed Remote Desktop Protocol (RDP) servers, and vulnerabilities in FortiOS. Their modus operandi includes using tools like AdFind to gather information and distributing malicious executables via internal network mechanisms. The ".play" file extension is commonly used for encrypted files in their attacks.
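An added example, not from the original report: detection logic for three of the behaviours the profile above lists (RDP logons from outside the network, AdFind execution, and files written with the ".play" extension), run over constructed events. The event schema, internal address ranges, threshold and alert names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter
from pathlib import PureWindowsPath

# Assumptions for this example: the clinic's internal ranges and the alert threshold.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
PLAY_THRESHOLD = 3  # ".play" files written on one host before alerting

# Constructed events in a simplified, hypothetical schema (not a real log format).
# 203.0.113.45 is a documentation address standing in for an Internet source.
EVENTS = [
    {"host": "ws01", "type": "logon", "logon_type": 10, "src_ip": "203.0.113.45"},
    {"host": "ws01", "type": "logon", "logon_type": 10, "src_ip": "10.0.0.12"},
    {"host": "ws01", "type": "process", "image": r"C:\Users\Public\AdFind.exe"},
    {"host": "ws02", "type": "process", "image": r"C:\Windows\System32\notepad.exe"},
    {"host": "ws02", "type": "file_create", "path": r"C:\Users\a\notes.play"},
] + [
    {"host": "fs01", "type": "file_create", "path": rf"D:\records\scan{i}.pdf.play"}
    for i in range(4)
]

def detect(events, threshold=PLAY_THRESHOLD):
    """Return (host, alert_name) tuples for the three behaviours in the profile."""
    alerts = []
    play_writes = Counter()
    for ev in events:
        if ev["type"] == "logon" and ev.get("logon_type") == 10:
            # Logon type 10 is RemoteInteractive (RDP) in Windows event 4624.
            src = ipaddress.ip_address(ev["src_ip"])
            if not any(src in net for net in INTERNAL_NETS):
                alerts.append((ev["host"], "rdp_logon_from_external_ip"))
        elif ev["type"] == "process":
            # Name match only: a renamed binary needs hash or metadata checks.
            if PureWindowsPath(ev["image"]).name.lower() == "adfind.exe":
                alerts.append((ev["host"], "adfind_execution"))
        elif ev["type"] == "file_create":
            if PureWindowsPath(ev["path"]).suffix.lower() == ".play":
                play_writes[ev["host"]] += 1
    # A single ".play" file can be benign; a burst on one host is the signal.
    for host, count in play_writes.items():
        if count >= threshold:
            alerts.append((host, "mass_play_extension_writes"))
    return alerts

if __name__ == "__main__":
    for host, name in detect(EVENTS):
        print(f"{host}: {name}")
```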

Vulnerabilities and Industry Impact

The clinic, like many in the healthcare sector, handles sensitive personal and medical information, making it a high-value target for cybercriminals. The combination of high-stakes data and potentially insufficient cybersecurity measures can make healthcare institutions particularly vulnerable to ransomware attacks. The breach not only threatens patient confidentiality but also the clinic's reputation and operational continuity.

