Maine mental health provider AMHC targeted in suspected Russian ransomware attack

A major behavioral healthcare provider in rural Maine has been targeted in a ransomware attack linked to a Russia-based cybercrime group, disrupting its network and prompting an ongoing investigation into the scope of the incident.

Aroostook Mental Health Center, known as AMHC, confirmed it recently experienced a network disruption and has engaged cyber incident specialists to assess and respond to the attack. The nonprofit organization provides behavioral health services across Aroostook, Hancock, and Washington counties, serving more than 5,500 clients through 27 locations with a workforce of over 350 employees.

The ransomware group Qilin added AMHC to its dark web data leak site this week, signaling a potential breach. The group operates under a ransomware-as-a-service model, in which it develops and distributes malicious software to affiliated attackers. Qilin has been active since 2022 and is believed to originate from Russia.

AMHC stated that the listing of its name on the group’s leak site is tied to its decision not to engage with the attackers. The organization has not disclosed when the attack occurred or whether any sensitive data was accessed or exfiltrated.

“Our investigation into this incident remains ongoing,” spokesperson Clare Hickey said. “As we learn more about the scope and nature of this incident, we will update relevant parties accordingly and take all necessary and legally required steps.”

Qilin has emerged as one of the most active ransomware threats globally, with more than 700 claimed attacks in 2025 by late October. The group gained international attention in 2024 following an attack on a United Kingdom pathology services provider that disrupted more than 10,000 medical appointments and was linked to a patient death.

Ransomware incidents continue to rise sharply. The FBI’s latest Internet Crime Report recorded $16.6 billion in losses from ransomware attacks in 2024, marking a 33% increase from the previous year alongside a broader surge in cybercrime complaints.

AMHC has not provided additional details on the operational impact of the attack or whether patient services have been affected.