25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Qilin Ransomware Group Exploiting Critical Fortinet Flaws

Posted By on Jun 11, 2025

The Qilin ransomware group has been observed exploiting two critical vulnerabilities in FortiOS/FortiProxy devices. While the group appears to be targeting Spanish-speaking countries, attacks exploiting these vulnerabilities are expected to spread. Qilin is a ransomware-as-a-service (RaaS) operation that emerged in August 2022, first operating under the name Agenda. While not one of the most prolific ransomware groups, Qilin has claimed responsibility for more than 300 attacks, including attacks on healthcare providers and healthcare industry vendors.

Recent Qilin healthcare victims include The Health Trust in California, Next Step Healthcare in Massachusetts, and Central Texas Pediatric Orthopedics. Qilin was the group behind the hugely disruptive ransomware attack on the UK NHS pathology services vendor Synnovis last year. The company has still not fully recovered from the attack. The Health Sector Cybersecurity Coordination Center (HC3) issued a threat profile about the Qilin ransomware group in June last year due to the threat the group poses to the U.S. Healthcare and Public Health Sector.

PRODAFT, a threat intelligence company based in The Hague in the Netherlands, recently observed Qilin exploiting two Fortinet vulnerabilities, the critical out-of-bounds write vulnerability CVE-2024-21762 and the critical authentication bypass vulnerability CVE-2024-55591, both of which affect FortiOS and FortiProxy SSL-VPN devices. The first vulnerability can be exploited remotely to execute arbitrary code or commands, and the second vulnerability can be exploited to gain super-admin privileges.

According to PRODAFT, Qilin was behind a coordinated intrusion campaign targeting multiple organizations, which exploited the vulnerabilities in FortiGate firewalls. While the campaign was focused on Spanish-speaking companies, PRODAFT expects the campaign to spread to global targets. PRODAFT said Qilin is fully automating these attacks, with only victim selection performed manually.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Given that Qilin has targeted healthcare organizations in the past, and these vulnerabilities are known to have been exploited by other ransomware groups, healthcare organizations should check to make sure that these vulnerabilities have been fully remediated.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist