29th October 2025 Cyber Update: MedImpact Healthcare Systems Confirms Qilin Ransomware Attack

US pharmacy benefit manager MedImpact Healthcare Systems has confirmed a ransomware attack by the prolific Qilin gang. The group claims to have exfiltrated 160GB of data, including financial operation details and claims reports, raising significant concerns for the healthcare sector.


Cyber News Centre’s cyber update for 29th October 2025: MedImpact Healthcare Systems has confirmed a ransomware incident, with the Qilin gang claiming responsibility and alleging significant data theft.

MedImpact Healthcare Systems is one of the largest independent pharmacy benefit managers (PBMs) in the United States, overseeing prescription drug benefits for more than 50 million people through major health plans, employers, and government programs.

The Update and Why It Matters

The Update: Two days ago, MedImpact confirmed that ransomware had been detected on certain systems, prompting immediate containment and mitigation actions. The Qilin ransomware group later listed the company as a victim on its dark web leak site, claiming to have stolen around 160GB of sensitive data.

While MedImpact has not verified the full extent of the breach, Qilin’s samples appear to include financial operation records, commission reports, bank summaries, and claims remittance data between associated companies. MedImpact has engaged a leading cybersecurity firm to investigate and is rebuilding affected systems within a segregated, multi-layered security environment. The company reported that pharmacy claims are now being processed, suggesting partial recovery of core services.

"MedImpact recently identified ransomware on certain systems. Immediately upon learning of the incident, the company began implementing containment and mitigation measures." - MedImpact Healthcare Systems, Official Statement

Why it matters: The attack on MedImpact exposes the growing risks faced by third-party providers in the healthcare sector. As a PBM, MedImpact connects patient data, insurers, and pharmacies, making it an attractive target for cybercriminals. A breach impacting systems that support 50 million people has serious consequences across the US healthcare ecosystem.

The exposure of financial and claims data could enable targeted attacks on MedImpact’s partners and clients. This incident also highlights the rising threat of the Qilin ransomware group, which has intensified its campaigns throughout 2025, increasingly focusing on critical infrastructure and high-value organisations.

