18.09.2025
2 min
509
The Baltimore Medical System (BMS), a medical network serving about 90,000 patients in Maryland, has been the victim of a cyberattack by the Brain Cipher group. The attackers claimed to have stolen several terabytes of data and have already posted it on the darknet after the company refused to pay the ransom.
BMS is the largest Federally Qualified Health Center in Maryland, which is funded by the state and operates mainly in areas with low levels of medical care. According to the Cybernews investigation, the data posted on the Brain Cipher blog on the darknet includes:
backup copies of file systems and databases;
personal user data;*ʼ
large amounts of medical records (sample files reach over 800 GB).
Theft of such information poses dangerous risks: from medical fraud and identity theft to blackmailing patients based on their medical history. It is especially critical that medical and biometric data cannot be “replaced” like passwords or bank cards.
The Brain Cipher group appeared in mid-2024, but has already managed to attack large companies, including even Deloitte. Their tools are based on the malicious code of the LockBit family, and the tactics include multi-level blackmail: theft, data leakage and extortion.
According to the Ransomlooker monitoring system, Brain Cipher has attacked at least 30 organizations in various critical areas: from medicine to government agencies.
The attack on BMS once again confirms: the healthcare sector is one of the most vulnerable to cyber-blackmail. Companies and government agencies should implement multi-level protection, operational backup systems and monitoring of the darknet. Patients are advised to be vigilant for suspicious attempts to use their data in financial or medical transactions.
