Cardiovascular Consultants (CVC Heart) listed on Qilin gang ransomware site

Cardiovascular Consultants LTD (CVC Heart), based in Arizona, might have experienced a ransomware incident, but there has been no confirmation from the organization as of yet. Currently, the only evidence of such an attack comes from dubious assertions by the Qilin ransomware collective and a supposedly available data archive, which turns out to be inaccessible.

On October 25, CVC Heart's information was discovered on the dark web leak site of a group named Qilin, suggesting that personal data belonging to the company's clients and staff could be downloaded. The alleged download link, claimed to be a hefty 205.93 GB file, is non-functional. This could potentially be a tactic to intimidate CVC Heart into paying a ransom. Inquiries made to Qilin about the faulty link, including attempts to contact them through their Jabber account, have gone unanswered.

Cardiovascular Consultants LTD has also not disclosed any detail nor responded to questions. Without any verification, the allegations made by Qilin stand uncorroborated.

Update - CVC's parent company, Fresenius Medical Care AG, disclosed to the SEC that the data breach resulted with encrypted and stolen data, impacting around 500,000 patients and 200 staff across multiple regions.