114/69 Wednesday, February 25, 2026
Vikor Scientific (also known as Vanta Diagnostics), a U.S.-based molecular diagnostic testing provider, has reported a data breach to the Department of Health and Human Services (HHS) after discovering that the personal and medical information of 139,964 patients was accessed without authorization. The incident first came to light in November 2025, when the Everest ransomware group published the names of affiliated entities, including KorPath and Korgene, on its leak site and claimed to have stolen more than 12 GB of sensitive documents.
An investigation determined that the breach did not originate from a direct attack on Vikor Scientific’s internal systems. Instead, it stemmed from a compromise involving a third-party service provider, Catalyst RCM, which delivers revenue cycle management and medical billing services. Threat actors reportedly used compromised user credentials to access a file management system and exfiltrate sensitive data, including names, dates of birth, payment card information, medical records, and health insurance details.
The affected companies are currently notifying impacted individuals and coordinating with relevant authorities to assess the full scope of the incident. The total number of affected individuals may change as additional reviews of affiliated entities are completed. This incident highlights the growing risks associated with supply chain management in the healthcare sector. Organizations are advised to strengthen access controls, secure user accounts, and conduct regular security assessments of third-party vendors to mitigate such risks.
Source https://www.securityweek.com/us-healthcare-diagnostic-firm-says-140000-affected-by-data-breach/
