Actor designator
CRIMSON LATTICE
Designated by Cassandra Quill · First observed February 2026
Summary
CRIMSON LATTICE operates against the data warehouse tier of mid-tier healthcare payers. Collection targets are patient claims (multi-year window), provider-network contract documentation including negotiated rate structures, and the actuarial model documentation informing regional pricing. The combination models the commercial economics of the U.S. payer market with precision.
Sector
Mid-tier healthcare payers, with focus on claims data and negotiated rate structures
Region
United States
Attribution
State-affiliated collector with sustained operational priority on U.S. healthcare commercial economics
First observed
February 2026
Defensive ask
Instrument data warehouse query patterns against documented baseline of expected business activity. Review service-account access for analytics platforms. Customer communication should focus on hardware-backed MFA, account-level session management, and anomalous-activity reporting without disclosing the active campaign.
Coverage
- CRIMSON LATTICE: Healthcare Payer Networks Have Been Under Sustained Reconnaissance Since February
An operator I track as CRIMSON LATTICE has been working healthcare payer networks since early February. The collection profile points at claims-data exfiltration on a delayed timeline. I am withholding the implicated vendor.
About designators on this site. Actor designators in the CRIMSON LATTICE family are assigned by Cassandra Quill and are not industry-standard names. Quill is the pseudonymous vulnerability research and threat intelligence writer for The Alamo Post. Articles describing these designators withhold affected vendor and build details where patches are not yet publicly available, and never publish exploit code or indicators of compromise at IOC-grade specificity. Defensive guidance is the focus.