Pierluigi Paganini February 24, 2026

Everest ransomware claims an attack on diagnostic firm Vikor Scientific (Vanta Diagnostics), exposing data of nearly 140,000 people.

The Everest ransomware group has claimed responsibility for a cyberattack on Vikor Scientific, now operating as Vanta Diagnostics. The healthcare diagnostic firm disclosed a data breach impacting nearly 139,964 individuals, as reported by the US Department of Health and Human Services (HHS).

The incident stems from the attack on Catalyst RCM, a third-party provider of revenue cycle management services. Around November 13, 2025, Catalyst detected suspicious activity in its secure file system. The company launched an investigation into the incident that revealed that an authorized login was misused to access a server on November 8–9, 2025, and copy data without permission.

In November 2025, the Everest ransomware group added Vikor Scientific and its affiliated labs, KorPath and Korgene, to its Tor data leak site. Catalyst RCM likely did not pay the ransom, and the cybercrime gang published allegedly stolen data, including Vikor Scientific documents.

The group claimed the theft of “internal company documents contains a huge variety of personal documents, EMRs, Patient’s private information, Billing information etc.”.

Everest claimed the theft of the Vikor Scientific database containing 25,303 PDF files (9.39 GB) and Korgene database containing 1,344 PDF Files (505 mb).

Catalyst reviewed the information to identify sensitive data and notify potentially affected individuals, completing this process by December 12, 2025.

“The categories of information that may be involved varies by individual, but could include some combination of name, date of birth, payment card information with access code, medical treatment, history, or diagnosis information, and health insurance information.” reads the data breach notification published by Catalyst RCM.

After discovering the breach, Catalyst notified partners and conducted a thorough review of potentially compromised data, updating policies to prevent future incidents. The company is not aware of any identity theft or fraud, they offer free credit monitoring and identity restoration to the impacted people. Individuals are encouraged to monitor accounts, review credit reports, and follow guidance on freezes, alerts, and protecting personal information.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Vikor Scientific)