Cyber Incident Victim: Vice Society
Date:
Nov 2022
Location:
Spain
Summary
A Spanish medical institution, Unidad Medica AngloAmericana, experienced a cybersecurity incident involving unauthorized exposure of patient health data by the Vice Society group, which listed the organization on its leak site. The attackers publicly disclosed sensitive medical information, though no official statements from the victim or responses to inquiries were identified regarding the breach's scope or mitigation efforts. This incident reflects the group's pattern of targeting healthcare entities to exfiltrate and disseminate protected health records without immediate claims of ransom demands.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In late October and early November 2022, Paraguayan telecommunications provider Personal Paraguay experienced a disruptive cyberattack affecting multiple services. The company first acknowledged service disruptions on October 28 via a Facebook post, with frustrated customers reporting three days of ongoing issues. On October 29, Personal Paraguay confirmed a malicious attack on their computer systems, attributing continued operation of core services (internet, mobile telephony, and television flow) to existing security measures while acknowledging minor disruptions. The company stated its technical teams were working intensively to restore affected systems. By November 2, restoration efforts remained ongoing, with the company proactively isolating its personal wallet platform to protect user funds and data integrity despite some customers reporting wallet-related issues. Personal Paraguay did not disclose the attack vector or identify responsible threat actors and explicitly stated no ransom demand had been received. The company failed to respond to multiple inquiries from DataBreaches.net regarding the incident via email and Facebook messages between October 31 and November 2.
Separately, Vice Society listed Spain's Unidad Medica AngloAmericana on its data leak site around this timeframe, exposing patient health information. No official statements from the medical facility acknowledging the breach or notifying affected individuals were identified, nor did the organization respond to external inquiries about the incident. Concurrently, multiple other cyber incidents occurred across Latin America and Spain between October 25-29, including Lockbit 3.0's unverified claims against several organizations and an operational halt at Chile's ALMA Observatory following a cyberattack. These parallel incidents occurred without confirmed attribution to Vice Society, whose activities during this period remained specifically linked to the Unidad Medica AngloAmericana patient data exposure. The medical facility's lack of public communication left the scope of compromised data and operational impacts unconfirmed.