On January 14, 2026, the ransomware group Qilin claimed responsibility for an attack targeting Pathology Associates of Saint Thomas, a healthcare provider in the United States. The available metadata does not indicate whether the attackers deployed ransomware to encrypt systems or if the incident was limited to data exfiltration and extortion. Qilin has stated that it possesses sensitive medical information and has threatened to publish the full dataset unless the organization initiates contact through the group’s communication channels.
The incident highlights the ongoing targeting of healthcare organizations by ransomware groups due to the high value of patient data and the critical nature of healthcare services. Potential impacts include operational disruption, regulatory and legal exposure, financial losses, and reputational harm. It is highly likely that Qilin and similar threat actors will continue to target healthcare providers, reinforcing the need for strong defensive controls, incident preparedness, and employee security awareness.
Industry reporting indicates that Qilin operators commonly gain initial access with stolen administrative credentials, logging in through VPN appliances or exposed RDP in environments that lack multi-factor authentication. Once inside, they perform network discovery with built-in Windows tools, harvest credentials with utilities such as Mimikatz and NirSoft, and exfiltrate sensitive data with legitimate software such as Cyberduck before widening their access and, potentially, deploying ransomware.
IOCs (17)
Domains (2):
- regsvchst.com
- holapor67.top
IP addresses (2):
- 85.239.34.91
- 86.106.85.36
Email addresses (2):
- mimikatzlogs@anti.pm
- mimikatz@anti.pm
SHA256 file hashes (11):
Detections
- Identification of Mimikatz Execution & Artifacts
- Attempt to Enable WDigest Clear-Text Credential Caching
- Active Directory Discovery with PowerShell Evasion Flags
- Registry Modification Weakening RDP Credential Protections
- Volume Shadow Copy Deletion
- Windows Event Log Enumeration and Clearing Attempt
- Monitor critical registry modifications that weaken security controls
- Alert on credential dumping via LSASS access, SAM registry reads, or DCSync
- Detect deletion of volume shadow copies or disabling of backup services
- Flag enumeration of domain accounts, groups, or trust relationships
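As an added illustration of the detection items above (example code written for this page, not the advisory's own content or any vendor's detection rules), the following Python rules run over constructed Sysmon-style process-creation (Event ID 1) and registry-value-set (Event ID 13) records. The registry paths (WDigest `UseLogonCredential`, Lsa `DisableRestrictedAdmin`) and the `vssadmin`/`wevtutil` command shapes are real Windows artifacts; the event records and their field layout are constructed for the example, and the rules deliberately ignore benign look-alikes such as `vssadmin list shadows`.

```python
"""Toy detection rules for the post-exploitation behaviours listed above.

Added example for this page; not part of the original advisory or any
vendor's detection content. Sample events are constructed and mimic a
flattened Sysmon layout: EventID 1 = process creation, EventID 13 =
registry value set.
"""
import re

# Constructed sample telemetry. The last two records are benign noise
# that the rules must not fire on.
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": r"C:\Windows\regedit.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\SecurityProviders\WDigest\UseLogonCredential",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 13, "Image": r"C:\Windows\System32\reg.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Control\Lsa\DisableRestrictedAdmin",
     "Details": "DWORD (0x00000001)"},
    {"EventID": 1, "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin.exe delete shadows /all /quiet"},
    {"EventID": 1, "Image": r"C:\Windows\System32\wevtutil.exe",
     "CommandLine": "wevtutil.exe cl Security"},
    {"EventID": 1, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -ep bypass Get-ADUser -Filter *"},
    {"EventID": 1, "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin.exe list shadows"},
    {"EventID": 13, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetObject": r"HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Hostname",
     "Details": "host01"},
]


def _dword_is_one(details: str) -> bool:
    """Sysmon renders DWORD writes as 'DWORD (0x00000001)'; return True for value 1."""
    m = re.search(r"0x([0-9a-f]+)", details, re.I)
    return bool(m) and int(m.group(1), 16) == 1


def wdigest_cleartext_enabled(ev: dict) -> bool:
    """UseLogonCredential=1 makes WDigest keep clear-text passwords in LSASS."""
    return (ev["EventID"] == 13
            and ev["TargetObject"].lower().endswith(r"\securityproviders\wdigest\uselogoncredential")
            and _dword_is_one(ev.get("Details", "")))


def rdp_credential_protection_weakened(ev: dict) -> bool:
    """DisableRestrictedAdmin=1 turns off RDP Restricted Admin mode, exposing creds on the target."""
    return (ev["EventID"] == 13
            and ev["TargetObject"].lower().endswith(r"\control\lsa\disablerestrictedadmin")
            and _dword_is_one(ev.get("Details", "")))


def shadow_copy_deletion(ev: dict) -> bool:
    """vssadmin deleting shadow copies; 'list shadows' alone is routine admin activity."""
    cmd = ev.get("CommandLine", "").lower()
    return ev["EventID"] == 1 and "vssadmin" in cmd and "delete" in cmd and "shadows" in cmd


def event_log_clearing(ev: dict) -> bool:
    """wevtutil cl / clear-log wipes a Windows event log channel."""
    cmd = ev.get("CommandLine", "")
    return ev["EventID"] == 1 and re.search(r"wevtutil(\.exe)?\s+(cl|clear-log)\b", cmd, re.I) is not None


def ad_discovery_with_evasion_flags(ev: dict) -> bool:
    """Get-AD* cmdlets launched with profile/window/policy evasion switches."""
    cmd = ev.get("CommandLine", "")
    evasion = re.search(r"-(nop|noprofile|w(indowstyle)?\s+hidden|e(xecutionpolicy|p)\s+bypass)\b", cmd, re.I)
    discovery = re.search(r"\bGet-AD(User|Computer|Group|Trust|DomainController)\b", cmd, re.I)
    return ev["EventID"] == 1 and "powershell" in ev.get("Image", "").lower() and bool(evasion and discovery)


RULES = {
    "Attempt to Enable WDigest Clear-Text Credential Caching": wdigest_cleartext_enabled,
    "Registry Modification Weakening RDP Credential Protections": rdp_credential_protection_weakened,
    "Volume Shadow Copy Deletion": shadow_copy_deletion,
    "Windows Event Log Clearing Attempt": event_log_clearing,
    "Active Directory Discovery with PowerShell Evasion Flags": ad_discovery_with_evasion_flags,
}


def detect(events: list) -> list:
    """Return one {'index', 'rule'} hit per (event, rule) pair that matches."""
    hits = []
    for i, ev in enumerate(events):
        for name, rule in RULES.items():
            if rule(ev):
                hits.append({"index": i, "rule": name})
    return hits


if __name__ == "__main__":
    for hit in detect(SAMPLE_EVENTS):
        print(f"event {hit['index']}: {hit['rule']}")
```

Each rule keys on the specific state change rather than on the tool name alone, which is what keeps the benign `vssadmin list shadows` and the unrelated registry write from firing; the same shape ports to a SIEM query by replacing the predicates with field filters over the real Sysmon or Security channel.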