# Everest Ransomware Strikes Again: 140,000 Patient Records Exposed in Massive Data Breach

In a devastating cyberattack, the notorious ransomware group, Everest, has claimed responsibility for a breach of Vikor Scientific (now operating as Vanta Diagnostics), a healthcare diagnostic firm. The attack exposed sensitive data of nearly 140,000 individuals, highlighting the vulnerability of medical records to cyber threats.

The incident came to light when Catalyst RCM, a third-party provider of revenue cycle management services, detected suspicious activity in its secure file system around November 13, 2025. An investigation revealed that an authorized login was misused to access a server on November 8-9, 2025, and copy data without permission. This unauthorized access led to the theft of Vikor Scientific's database containing 25,303 PDF files (9.39 GB) and Korgene's database containing 1,344 PDF files (505 MB).

The Everest ransomware group claimed that the stolen data included "internal company documents" with a vast array of personal documents, EMRs, patients' private information, billing information, and more. The group added Vikor Scientific and its affiliated labs, KorPath and Korgene, to its Tor data leak site, publishing allegedly stolen data in November 2025.

Catalyst RCM took immediate action after discovering the breach, notifying potentially affected individuals and conducting a thorough review of compromised data. They updated policies to prevent future incidents and are not aware of any identity theft or fraud. The company is offering free credit monitoring and identity restoration to impacted individuals, encouraging them to monitor accounts, review credit reports, and follow guidance on freezes, alerts, and protecting personal information.

The incident serves as a stark reminder of the importance of robust cybersecurity measures in healthcare organizations. Vikor Scientific's decision not to pay the ransom may have prevented further damage, but it highlights the need for proactive security strategies to mitigate such threats. As the cyber threat landscape continues to evolve, it is essential for organizations and individuals alike to stay vigilant and adapt to emerging risks.

The data breach notification published by Catalyst RCM provides a glimpse into the scope of the incident:

"The categories of information that may be involved varies by individual, but could include some combination of name, date of birth, payment card information with access code, medical treatment, history, or diagnosis information, and health insurance information."

As cybersecurity experts, we must remain vigilant in our efforts to prevent such breaches. By staying informed about emerging threats and adopting robust security measures, we can help protect sensitive data and prevent the devastating consequences of cyberattacks.

**Key Takeaways:**

* The Everest ransomware group claimed responsibility for a breach of Vikor Scientific (Vanta Diagnostics), exposing sensitive data of nearly 140,000 individuals.
* The attack occurred when an authorized login was misused to access a server on November 8-9, 2025, and copy data without permission.
* Catalyst RCM took immediate action after discovering the breach, notifying potentially affected individuals and conducting a thorough review of compromised data.
* The company is offering free credit monitoring and identity restoration to impacted individuals.

**Conclusion:**

The recent cyberattack on Vikor Scientific serves as a stark reminder of the importance of robust cybersecurity measures in healthcare organizations. By staying informed about emerging threats and adopting robust security strategies, we can help protect sensitive data and prevent devastating consequences.