The Maine mental health agency AMHC was the subject of a ransomware attack this month allegedly perpetrated by a Russia-based cybercrime group.
Qilin, which analysts have cited as the world’s leading ransomware threat, added the Presque Isle-based healthcare organization to a list of victims on its dark web data leak site Tuesday, according to screenshots and reports posted by more than a dozen websites and groups that track ransomware.
AMHC is the largest behavioral healthcare provider for a large swath of rural Maine, operating in Aroostook, Hancock and Washington counties. It has more than 350 employees and over 5,500 clients between 27 service locations, according to its website.
The organization acknowledged the attack in a statement to the Bangor Daily News Wednesday, saying that it “recently experienced a network disruption,” and that it had partnered with “cyber incident specialists” to investigate.
“Our investigation into this incident remains ongoing,” Clare Hickey, a spokesperson for the nonprofit said. “However, we understand that this posting of our name is a byproduct of us choosing not to deal with the cybercriminals behind the disruption to our network. “
It’s unclear when the attack occurred or if the cybercrime group stole any data. AMHC declined to share further details.
“As we learn more about the scope and nature of this incident, we will update relevant parties accordingly, and will take all steps necessary and legally required of our organization,” Hickey said.
Qilin operates as a ransomware-as-a-service (RaaS) business model, in which it sells or leases its malicious software to other hackers. The group began operation in 2022 and likely originates from Russia, according to a 2024 threat profile released by the U.S. Department of Health and Human Services, despite sharing a name with a hooved Chinese mythological creature.
The cybercriminal organization claimed responsibility for more than 700 attacks in 2025 by late October. It made headlines in June 2024 for a ransomware attack on a UK pathology provider that disrupted more than 10,000 appointments and led to the death of one person.
The FBI’s latest Internet Crime Report totaled $16.6 billion in losses to ransomware attacks in 2024, a 33% rise from the previous year as overall complaints of cybercrime also grew.