US Healthcare Diagnostic Firm Reports Data Breach Impacting Nearly 140,000 Individuals

By Ash K

Nearly 140,000 individuals have been affected by a data breach involving US-based diagnostic services provider Vikor Scientific, now operating under the name Vanta Diagnostics. The incident came to light after the Everest ransomware group published what it claimed were stolen files linked to the company and its associated partners.

According to disclosures submitted to the US Department of Health and Human Services, a total of 139,964 individuals were impacted. The breach appears to have originated not directly within Vikor’s internal systems, but through compromised credentials associated with a third-party revenue cycle management provider.

How the Breach Unfolded

Investigators believe the breach stemmed from compromised credentials within Catalyst RCM, a revenue cycle management vendor that provides billing and financial services support to healthcare organizations. Unauthorized actors reportedly accessed a secure file management system, enabling them to retrieve sensitive patient information.

The incident surfaced publicly in November 2025 when the Everest group posted data listings referencing Vikor Scientific, KorPath, and Korgene. While ransomware groups frequently exaggerate claims, regulatory filings confirm that sensitive information was indeed exposed.

What Information Was Exposed

The stolen files reportedly contained names, dates of birth, payment card information, medical data, and insurance details. Such a combination significantly elevates the risk of identity theft, medical fraud, and financial exploitation.

Healthcare data is particularly valuable on underground markets. Unlike credit card numbers, which can be quickly cancelled, medical records and identity information are long-lived and can be reused in insurance fraud schemes, fraudulent billing, or social engineering attacks targeting patients.

Regulatory and Industry Impact

The US healthcare sector remains one of the most targeted industries for cybercriminals. In 2025 alone, hundreds of healthcare breaches were reported to federal regulators, with millions of patient records exposed nationwide. Third-party vendor access continues to represent a major risk vector.

In this case, the breach highlights systemic exposure within interconnected healthcare ecosystems, where diagnostic labs, billing providers, and data processors share access to protected health information. A weakness in one node can ripple across multiple entities.

Everest Ransomware Activity

The Everest group has been active in targeting healthcare, professional services, and government entities. The group typically exfiltrates data before encryption and uses leak sites to pressure victims into paying ransom demands.

While it remains unclear whether ransomware encryption was deployed in this incident, the public posting of allegedly stolen files indicates a data exfiltration component consistent with modern double-extortion tactics.

What Affected Individuals Should Do

Individuals potentially affected should monitor financial statements and insurance claims for suspicious activity. Placing fraud alerts with credit bureaus may offer additional protection. Given the presence of medical and insurance data, vigilance against phishing attempts and healthcare billing scams is also recommended.

Organizations within the healthcare supply chain are being urged to reassess third-party access controls, enforce multi-factor authentication, and audit secure file transfer environments. Vendor credential hygiene and continuous monitoring are increasingly becoming baseline security requirements rather than optional safeguards.

Ash K
Ashton is a seasoned Cybersecurity Professional with over 25 years of experience in Cybersecurity Research, Cybersecurity Incident Response, Products and Security Solutions Architecture.