Signal Focus
Initial access brokers
Surge in LATAM brokers bundling VPN and EHR access, often sourced from mid-market providers with outsourced IT. Listings highlight credential reuse and weak MFA coverage.
Industry spotlight
Healthcare threat intelligence
Tracking ransomware crews, brokers, and data-leak actors targeting hospitals, insurers, and life sciences organizations. Evidence-grade signals help CISOs and counsel pre-empt extortion and ensure continuity of care.
Ransomware & brokered access
Hospital & clinic telemetry
Counsel-ready reporting
Operational Risk
Patient data extortion
Leak sites advertise curated medical records and insurance bundles, increasing breach notification costs and regulatory exposure for covered entities.
Recommended Action
Scenario exercises
Coordinate IR tabletop sessions across clinical, legal, and privacy teams using latest actor TTPs and business disruption playbooks.
Featured briefs
Redacted glimpses from the healthcare collection.
Play RaaS pivots to brokered access in LATAM healthcare
RansomwareSept 26, 2025 • LATAM • Hospitals & clinics
Play affiliates partner with access brokers selling curated VPN, Citrix, and RDP credentials from regional providers, compressing dwell time and response windows.
Open briefNeed deeper coverage?
Subscribers receive weekly digests on ransomware crews, access brokers, and data-leak marketplaces targeting healthcare ecosystems.
Request accessBriefing coverage
- • Ransomware negotiation timelines & payment analytics
- • Brokered credentials for EHR, ERP, and remote access systems
- • Emerging leak site operators with healthcare focus
- • Law-enforcement actions and industry disruption signals
Talk with an analyst
Get a guided walkthrough of healthcare holdings, collection depth, and redaction workflow. Custom reporting options are available for counsel, privacy, and resilience teams.
[email protected]