Billing Providers Agency Notifying Medical Lab Sufferers of Hack

A income cycle administration software program agency is notifying sufferers of a number of associated medical diagnostic laboratories that hackers stole their delicate data, together with diagnoses and medical therapies, in a November hack.

See Additionally: Cut back Cloud Danger in Healthcare with Safety by Default

Ransomware gang Everest Group claimed to be behind the incident, publishing stolen knowledge on its leak web site.

Catalyst RCM, which is headquartered in Texas, is sending breach notification letters to an undisclosed quantity sufferers of a minimum of three of its diagnostic laboratory shoppers.

These laboratory shoppers embrace KorPath, a pathology testing companies agency, Korgene, a molecular diagnostic lab specializing in pathogen detection and Vikor Scientific, which makes a speciality of antibiotic resistance testing and associated companies.

Korgene is a part of Vikor Scientific, which lately rebranded its firm as Vanta Diagnostics. KorPath on its web site additionally says it companions with Vanta Diagnostics for some testing companies.

Catalyst mentioned in its breach notification letter that it supplies medical coding and billing companies to the three labs.

Within the notification letter, Catalyst RCM mentioned that on Nov. 13, 2025, it was “made conscious of suspicious exercise associated to sure data maintained inside its safe file administration system.”

An inner investigation decided that hackers used a licensed login and password to entry a server between Nov. 8 and Nov. 9, 2025. Information was copied with out permission “creating an unauthorized use of the info,” Catalyst RCM mentioned.

Catalyst RCM describes itself as a “knowledge centric” income cycle administration firm providing specialised medical billing, coding and enterprise analytics services to healthcare suppliers throughout the USA.

Catalyst RCM in an announcement posted on its web site mentioned that within the aftermath of the incident, the corporate has reviewed and up to date its protocols, insurance policies and procedures.

Everest Group on its darkweb leak website lists Vikor Scientific, Korgene and KorPath as November 2025 victims. Everest claims knowledge for all three labs is revealed and “duplicated throughout varied hacker boards and leak database websites” as a result of corporations failing to “reply by deadline” to the gang’s calls for.

For Vikor Scientific and Korgene, Everest claims it respectively has 9.39 gigabytes and 505 megabytes of the labs’ knowledge. That features 25,303 Vikor PDFs and 1,344 Korgene PDFs containing sufferers’ medical information, billing data and different “personal data,” Everest claims.

KorPath’s hacked database contained greater than 1.2 GB of information, together with almost 7,500 PDFs that includes “an enormous number of private paperwork,” similar to digital medical information, billing data and different delicate data, Everest claims.

A number of regulation companies say they’re investigating the Catalyst RCM incident for potential class motion litigation.

Catalyst RCM is amongst an extended and rising listing of income cycle administration, medical coding and billing companies distributors reporting vital well being knowledge breaches in latest months and years (see: FieldTex, Trizetto Reveal New Healthcare Breaches).

Essentially the most notable income administration breach to this point concerned Change Healthcare, a UnitedHealth Group unit that gives medical coding, billing and lots of different associated IT companies to the healthcare sector.

A 2024 cyberattack on Change Healthcare launched by Russian-speaking ransomware gang AlphV/BlackCat resulted in a well being knowledge breach affecting 1000’s of its shoppers and greater than 193 million people within the U.S.