Ransomware · Healthcare · United States

Avosina Healthcare Solutions

Analysis of the Avosina Healthcare ransomware attack by Qilin group affecting 44,425 individuals.

Published by the Scrutex.ai Research Team | January 2026

Disclaimer

This advisory is provided for informational and educational purposes only by the Scrutex research team. It is based entirely on publicly available reporting from the sources cited below. Where details are unconfirmed or disputed by the affected organisation, this is noted explicitly. Scrutex does not independently verify internal claims made by affected organisations or threat actors. This advisory should not be interpreted as a confirmed statement of fact regarding any organisation's security posture. Organisations concerned about their own exposure should conduct independent assessments and seek professional legal advice.

At a Glance

Organisation: Avosina Healthcare Solutions. Healthcare solutions provider in the United States offering clinical and administrative services to healthcare organisations.

Sector: Healthcare

Region: United States

Date of Incident: Prior to January 2026 (exact date not disclosed)

Date Disclosed: January 2026

Estimated Impact: 44,425 individuals

Data Types Exposed: Protected health information (specific fields not publicly detailed)

Attack Type: Ransomware

Attack Vector: Ransomware deployment by Qilin group (specific initial access vector not disclosed)

Threat Actor: Qilin ransomware group

Current Status: Under investigation. HIPAA breach notification filed.

Severity Assessment: High. Over 44,000 individuals had protected health information exposed in a ransomware attack by the active Qilin group.

What Happened

In January 2026, Avosina Healthcare Solutions disclosed a ransomware attack affecting 44,425 individuals. The Qilin ransomware group has been linked to the incident.

The compromised data reportedly includes protected health information; the specific fields have not been publicly detailed. HIPAA breach notification requirements apply.

Timeline

January 2026: Avosina Healthcare Solutions discloses a ransomware attack affecting 44,425 individuals.

Threat Actor Profile

Qilin ransomware group

Qilin (also known as Agenda) is a ransomware-as-a-service (RaaS) operation active since mid-2022, known for targeting healthcare, education, and manufacturing sectors.

The group operates a double-extortion model, encrypting data and threatening to publish it on their leak site if ransom demands are not met.

Impact and Risk Assessment

For Affected Individuals

44,425 individuals had their protected health information exposed, with the risk of data publication on Qilin's dark web leak site.

For Organisations

Avosina faces potential HIPAA enforcement action, reputational damage, and operational disruption from the ransomware encryption.

Regulatory Context

HIPAA breach notification requirements apply. The HHS Office for Civil Rights tracks healthcare ransomware incidents as a growing enforcement priority.

What Should You Do?

If You Are a Potentially Affected Individual

If you are notified by Avosina, review your explanation of benefits statements for signs of medical identity fraud.

If You Are a Security or Risk Professional

Healthcare organisations should prioritise endpoint detection, network segmentation, and immutable backup procedures to mitigate ransomware risk.

Monitor threat intelligence feeds for Qilin indicators of compromise and ensure your security tools can detect their known tactics.

Learnings and Recommendations

Qilin is an active ransomware group targeting healthcare. Organisations in this sector should prioritise endpoint detection, network segmentation, and tested backup and recovery procedures.

Sources
