THE Everest ransomware group has claimed responsibility for a cyberattack on Vikor Scientific, which now operates as Vanta Diagnostics, exposing data of nearly 139,964 people, according to the US Department of Health and Human Services (HHS). The breach is linked to Catalyst RCM, a third‑party revenue cycle management provider, with detection of suspicious activity on or around 13 November 2025 and an access event on 8–9 November 2025 that involved an authorised login being misused to copy data.
Everest representatives stated the theft encompassed internal documents containing a wide range of personal information, including EMRs, patient data, and billing details, and the group published data related to Vikor Scientific on its Tor data leak site in November 2025. Catalyst RCM’s review identified that the Everest breach affected a database containing 25,303 PDF files (9.39 GB) from Vikor and a Korgene database with 1,344 PDF files (505 MB).
Catalyst notified partners and completed its data review by 12 December 2025, and the organisation offered free credit monitoring and identity restoration to impacted individuals. The article notes the breach concerns patients’ potential names, dates of birth, medical history, and health insurance information, among other data categories.