Cyber Incident Victim: Vikor Scientific
Date:
Nov 2025
Location:
United States of America
Summary
The healthcare diagnostic firm Vikor Scientific disclosed that a data breach exposed the personal information of nearly 140,000 individuals. The breach originated from Catalyst RCM, a revenue cycle management provider, after attackers used compromised credentials to access its file management system and exfiltrate names, dates of birth, payment card details, medical data, and health insurance information. The ransomware group Everest listed the firm and its affiliated laboratories on its leak site and published the allegedly stolen data. Catalyst, KorPath, and Korgene have not yet provided the exact count of affected individuals to the HHS tracker, leaving uncertain whether the reported figure represents the total impact.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In November 2025 the Everest ransomware group added Vikor Scientific, along with its affiliated diagnostic laboratories KorPath and Korgene, to its leak website. The group subsequently published data allegedly stolen from those companies. Around the same time the breach was recorded in the U.S. Department of Health and Human Services healthcare data breach tracker, which listed Vikor Scientific (recently rebranded as Vanta Diagnostics) as the victim of a compromise affecting 139,964 individuals. The breach was highlighted in the HHS tracker and later detailed in a SecurityWeek article published on February 23, 2026.
Investigations traced the origin of the breach to Catalyst RCM, a provider of revenue cycle management solutions that serves Vikor Scientific, KorPath, and Korgene. Catalyst reported detecting suspicious activity within its secure file management system in mid‑November 2025. An inquiry determined that compromised credentials had been used to gain access to the system. The files exfiltrated by the attackers contained names, dates of birth, payment card details, medical information, and health insurance information.
Catalyst issued a breach notice to affected individuals, explaining that the compromised data arose from the medical coding and billing services it performs for the three diagnostic companies. The notice disclosed the scope of the stolen data but did not provide a separate count of impacted individuals for Catalyst, KorPath, or Korgene. As a result, the total number of people affected remains uncertain, with the HHS figure of 139,964 possibly representing only a portion of the overall impact. The available sources do not provide additional information on containment, remediation, or ongoing mitigation efforts.