Nearly 140,000 people are affected by a data breach disclosed by healthcare diagnostic company Vikor Scientific.
The number of affected individuals came to light in recent days on the healthcare data breach tracker maintained by the US Department of Health and Human Services (HHS).
However, the narrative is not straightforward.
HHS’s tracker lists the South Carolina-based molecular diagnostics company Vikor Scientific (recently rebranded as Vanta Diagnostics) as the victim of a data breach that compromised the information of 139,964 individuals.
The incident came to light in November 2025, when the Everest ransomware group listed Vikor Scientific, along with affiliated diagnostic laboratory companies KorPath and Korgene, on its leak website. The cybercriminals later published data allegedly stolen from the companies.
However, the cybercriminals did not target Vikor and its affiliates directly. The data breach appears to stem from Catalyst RCM, a provider of revenue cycle management solutions.
Catalyst published a data breach notice on its website earlier this month, revealing that it detected suspicious activity within its secure file management system in mid-November 2025. An investigation showed that compromised credentials had been used to access data.
The company’s probe showed that the files stolen by the hackers stored names, dates of birth, payment card details, medical information, and health insurance information.
The Everest ransomware group claimed to have stolen roughly 12GB worth of documents from Vikor, Korgene, and KorPath.
According to Catalyst’s notification to impacted individuals, the compromised data was in its possession as a result of the medical coding and billing services it provides to Vikor Scientific, KorPath, and Korgene.
Catalyst, KorPath, and Korgene have yet to share the number of impacted individuals with the HHS. It’s unclear whether 139,964 is the total number of affected people or if it’s higher.
SecurityWeek has reached out to Catalyst RCM for clarification.
Related: Mississippi Hospital System Closes All Clinics After Ransomware Attack
Related: ApolloMD Data Breach Impacts 626,000 Individuals
Related: Central Maine Healthcare Data Breach Impacts 145,000 Individuals
