Quest Healthcare Solutions Data Breach

Alleged

Ransomware claim involving Quest Healthcare Solutions.

Published: Jul 2, 2026 Akira
Threat Level: High
Confidence: High

Quick Summary

Status: Alleged
Company: Quest Healthcare Solutions
Industry: Business Services
Threat Actor: Akira
Date of Incident: Jul 2, 2026

Executive Summary

Quest Healthcare Solutions has been identified as a victim of the Anubis ransomware group, with the listing appearing on their dark web portal on July 2, 2026. This company operates within the healthcare sector, an industry frequently targeted by ransomware actors due to the sensitive nature of the data it holds. This incident follows a pattern of Anubis targeting healthcare organizations. In the 60 days preceding this listing, Anubis has claimed eight other victims, with a focus on the healthcare, business services, and financial services sectors. Geographically, victims are primarily located in the United States, the United Kingdom, and France. Previous targets with similar profiles include Boston Orthotics & Prosthetics and Singing River Health System, indicating Quest Healthcare Solutions fits within the group’s established targeting strategy.

Technical Analysis

SOCRadar’s analysis of stealer-log telemetry revealed no direct evidence of credential exposure for questhealthcaresolutions.com in the queried data. However, this does not confirm the absence of a breach. Credentials may have been harvested under different corporate domains, personal email aliases, or rotated before indexing. Ransomware groups like Anubis commonly use infostealer-harvested credentials for initial access, exploiting valid accounts on platforms like Microsoft 365, VPNs, or remote-access portals. The lack of evidence in the immediate query necessitates continued monitoring and proactive credential hygiene for the organization.