The Maine-based mental health provider AMHC recently suffered a ransomware attack reportedly carried out by the Russia-linked cybercrime group Qilin. Although the organization is investigating the network disruption with specialists, they have declined to negotiate with the hackers despite being listed on a dark web leak site.

AMHC, a major behavioral healthcare provider serving rural Maine across Aroostook, Hancock, and Washington counties, recently confirmed it is dealing with a significant network disruption. The organization, which employs over 350 people and serves thousands of clients, discovered it had been targeted after appearing on a list of victims published by the cybercrime group known as Qilin. While the nonprofit has engaged cybersecurity specialists to investigate the scope of the breach, they have not yet clarified exactly when the attack took place or what specific data may have been compromised.

The group claiming responsibility, Qilin, is currently viewed by many analysts as one of the most prominent ransomware threats globally. Operating out of Russia since 2022, the group uses a service-based model where they lease their malicious software to other hackers for a share of the profits. Despite their name being derived from Chinese mythology, federal health officials in the United States have identified the group as a Russian-based operation that has scaled its activities significantly over the last few years.

In a statement regarding the incident, a spokesperson for AMHC noted that the appearance of the company's name on the dark web is a direct result of their refusal to engage or bargain with the cybercriminals. The organization has maintained a firm stance against paying a ransom, choosing instead to focus on a formal investigation. They have pledged to notify all relevant parties and fulfill legal obligations as they uncover more details about the nature of the data involved in the breach.

This attack follows a year of intense activity for Qilin, which claimed responsibility for hundreds of attacks throughout 2025. The group gained international notoriety previously for a high-profile strike against a medical provider in the United Kingdom that caused massive disruptions to patient appointments. This incident highlights a growing trend of cybercriminals targeting essential healthcare infrastructure, where the pressure to restore services quickly is highest due to the sensitive nature of the work.

The situation at AMHC reflects a broader national crisis regarding digital security and the rising cost of cybercrime. Recent federal reports indicate that financial losses from ransomware attacks have surged by over thirty percent in a single year, reaching billions of dollars annually. As organizations like AMHC navigate these threats, the focus remains on balancing the immediate need for service restoration with the long-term security and privacy requirements of their vulnerable client populations.

Source: https://beyondmachines.net/event_details/maine-mental-health-provider-amhc-targeted-by-qilin-ransomware-group-d-7-d-8-7