Ransomware gang Qilin yesterday took credit for a data breach that hit MedImpact Healthcare earlier this month.
MedImpact on October 27, 2025 said it identified ransomware on its systems and took measures to contain it. The company, a pharmacy benefits manager (PBM), did not say what data was compromised in the attack.
In a post on its data leak site, Qilin said it stole 160 GB of data from MedImpact. To prove its claim, Qilin posted sample images of what it says are documents stolen from MedImpact. Many of the images appear to be from Elixir Solutions, a company that MedImpact acquired from RiteAid last year.
MedImpact has not verified Qilin’s claim. We do not know what data was compromised, how many people might be affected, how attackers breached MedImpact’s systems, if MedImpact paid a ransom, or how much Qilin demanded. Comparitech contacted MedImpact for comment and will update this article if it replies.
“MedImpact is currently working to restore impacted systems in a new environment that is segregated from the prior infrastructure and protected by multiple layers of defense. Due to these measures, as of today, pharmacy claims for all clients are now adjudicating,” says MedImpact’s notice.
Who is Qilin?
Qilin is a ransomware gang that started taking credit for attacks on its data leak site in late 2022. Based in Russia, Qilin mainly targets victims through phishing emails to spread its ransomware. It runs a ransomware-as-a-service business in which affiliates pay to use Qilin’s malware to launch attacks and collect ransoms.
Qilin has been the most active ransomware group this year. It’s made more than 700 attack claims in 2025 to date, 122 of which were confirmed by the targeted organizations.
Two other entities this month have confirmed cyber attacks claimed by Qilin: KIS Pricing in Japan and the city of Sugar Land, Texas.
Qilin launched attacks against a number of companies operating in the healthcare sector this year. In another such attack, drug research company Inotiv reported an August 2025 attack for which Qilin took responsibility.
Ransomware attacks on US healthcare businesses
In 2025 to date, Comparitech researchers have logged 12 confirmed ransomware attacks on US healthcare businesses that do not provide direct care to patients, compromising nearly 5.5 million records. Most of those records, 5.4 million, stem from a single attack on medical software company Episource in January.
In 2024, we recorded 30 such attacks that compromised a total of 196.2 million records. Again, the vast majority were compromised in a single data breach. The attack on Change Healthcare compromised 192.7 million records and resulted in a $22 million ransom payment, only for the data to resurface again weeks later.
Ransomware attacks on healthcare businesses can both lock down computer systems and steal data. They can cripple critical systems and endanger the health, privacy, and security of patients. Targeted companies must pay a ransom or face extended downtime, data loss, and putting patients and staff at increased risk.
About MedImpact and Elixir Solutions
MedImpact is a pharmacy benefit manager (PBM) that says it serves more than 20 million people and processes more than $40 billion in pharmacy transactions per year. In 2024, it acquired another PBM, Elixir Solutions, from then-bankrupt Rite Aid for $576.5 million.
