Cyber Incident Victim: Vice Society
Date:
Nov 2022
Location:
Spain
Summary
A telecommunications company in Paraguay experienced a malicious cyberattack causing service disruptions, with minimal impacts on core operations due to preventive measures. The attackers' identity remains unconfirmed, and no ransom demand was reported, although some users encountered issues with the isolated digital wallet platform. Separately, Vice Society leaked patient health data from a Spanish medical facility on their site, with no official acknowledgment or response from the affected organization. Concurrently, multiple Latin American entities faced cyber incidents, including an observatory in Chile halting operations post-attack, though no group claimed responsibility for that event.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around November 4, 2022, Vice Society listed Unidad Medica AngloAmericana, a Spanish medical entity, on its data leak site with confirmed patient health data exposures. The attackers publicly disclosed sensitive medical information, though the specific volume of records compromised and the exact data types were not detailed in available reports. No official statement from Unidad Medica AngloAmericana acknowledging the incident or notifying affected patients was identified at the time. The healthcare facility also did not respond to external inquiries about the breach, leaving the operational impact and internal response actions undocumented. This incident occurred amid broader regional cyber activity, including unrelated attacks on Latin American organizations like Personal Paraguay, which suffered service disruptions from an October 28 cyberattack but did not attribute it to Vice Society.
The Vice Society leak coincided with other cybersecurity events reported in late October 2022, though no direct operational links were established. Chile’s ALMA Observatory halted operations after an October 29 cyberattack but reported no ransom demand or claiming group, while Lockbit 3.0 unverifiedly listed several Latin American entities as victims without proof packs. Personal Paraguay’s prolonged service outages and customer complaints about its isolated wallet platform illustrated regional infrastructure vulnerabilities, though its incident lacked a confirmed ransomware group affiliation. Vice Society’s breach of Unidad Medica AngloAmericana remained isolated in public reporting, with no further updates on containment measures, forensic findings, or data recovery efforts. The absence of disclosed attacker communications or ransom demands in this case contrasted with other contemporaneous incidents where threat actor negotiations or financial motives were explicitly documented.