What You Need to Know about the Vikor Scientific Data Breach
- Published: Feb 25, 2026
- Last Updated: Feb 25, 2026
Vikor Scientific is a molecular diagnostics company based in Charleston, South Carolina, that now operates under the brand name Vanta Diagnostics. The company owns KorGene, a molecular testing laboratory, and partners with KorPath, an anatomical pathology laboratory based in Tampa, Florida. These diagnostic facilities process sensitive medical testing for thousands of patients across the United States.
In November 2025, Vikor Scientific and its affiliated laboratories became victims of a data breach that exposed the protected health information of 139,964 individuals. The breach did not directly target Vikor Scientific's systems. Instead, the attack compromised Catalyst RCM, a third-party vendor providing revenue cycle management, medical coding, and billing services to Vikor Scientific, KorGene, and KorPath.
The Everest ransomware group claimed responsibility for the attack, listing the three companies on their dark web leak site in November 2025. After Catalyst RCM apparently refused to pay the ransom, the cybercriminals published approximately 12 gigabytes of stolen documents. The breach was reported to the US Department of Health and Human Services and added to the federal healthcare data breach tracker.
The exposed data included names, dates of birth, payment card information with access codes, medical treatment details, medical histories, diagnosis information, and health insurance information. The files primarily consisted of explanation of benefits documents, which contain comprehensive views of patients' healthcare interactions, making them particularly valuable for criminals engaged in medical identity theft and insurance fraud.
When Was the Vikor Scientific Data Breach?
The unauthorized access to Catalyst RCM's systems occurred between November 8 and November 9, 2025. An unauthorized individual used valid, compromised login credentials to access one of Catalyst's secure servers. Because the credentials were valid, the attacker passed authentication without triggering immediate security alerts.
Catalyst RCM discovered the suspicious activity on November 13, 2025, four days after the unauthorized access ended. The company detected anomalies within its secure file management system and promptly launched an internal investigation to determine what information had been accessed and which individuals might be affected.
The investigation required Catalyst to review the accessed server, examine the contents of compromised files, cross-reference data with patient records, and verify current mailing addresses for affected individuals. This comprehensive review was completed on December 12, 2025, nearly a month after the breach was discovered.
In mid-November 2025, the Everest ransomware group publicly listed the three companies on their dark web leak site, claiming they had stolen 25,303 PDF files totaling 9.39 gigabytes from Vikor Scientific and 1,344 PDF files totaling 505 megabytes from KorGene. When Catalyst presumably did not meet ransom demands, Everest published sample data from the breach. Written notification letters to affected individuals were dated February 6, 2026.
How to Check If Your Data Was Breached
If you received diagnostic testing services from Vikor Scientific, Vanta Diagnostics, KorGene, or KorPath, or if you visited healthcare providers who use these laboratories for diagnostic testing, your information may have been compromised in this breach. Here's how to determine if you were affected:
- Check your mail for notification letters from Catalyst RCM dated February 6, 2026, or later. These letters would have been sent to all identified affected individuals and include details about what information was compromised, steps Catalyst is taking, and complimentary identity protection services being offered.
- Review the US Department of Health and Human Services healthcare data breach tracker at hhs.gov/hipaa/for-professionals/breach-notification/breach-reporting. Search for Vikor Scientific to see the official breach report showing 139,964 affected individuals.
- Contact Vikor Scientific, Vanta Diagnostics, KorGene, or KorPath directly if you received laboratory testing services from these companies between 2024 and late 2025. Ask whether your records were stored in the compromised Catalyst RCM system.
- Check your explanation of benefits statements from your health insurance company. If you have explanation of benefits documents related to services provided by these laboratories during the relevant time period, there is a strong likelihood your information was in the breached files. Note that the compromised server primarily stored explanation of benefits documents.
What to Do If Your Data Was Breached
If you received notification that your information was compromised, take immediate protective action:
- Enroll in the complimentary identity theft protection services offered by Catalyst RCM through IDX. The notification letters included instructions for enrolling in credit monitoring and CyberScan monitoring at no cost for 12 to 24 months. Take advantage of these services as soon as possible, as enrollment deadlines typically expire within a few months.
- Be extremely vigilant about medical identity theft. Review all explanation of benefits statements you receive from your insurance company carefully. Look for medical services you did not receive, unfamiliar provider names, or charges for procedures you never had. Contact your health insurance company immediately if you notice any discrepancies.
- Monitor your credit reports from all three major credit bureaus. Since the breach exposed payment card information with access codes, criminals may attempt financial fraud. Consider placing fraud alerts on your credit reports or freezing your credit entirely, which prevents anyone from accessing your credit report to open new accounts.
- If payment card information was included in your compromised data, contact your credit card issuer immediately to request a new card with a different account number. Monitor your account statements closely for unauthorized charges and report any suspicious transactions immediately.
- Request a copy of your medical records from your healthcare providers and review them for accuracy. Errors introduced by medical identity theft can have serious consequences if they lead to incorrect diagnoses or treatments based on someone else's medical history.
Are There Any Lawsuits Because of the Data Breach?
As of late February 2026, law firms specializing in data breach litigation have begun investigating potential class action lawsuits. Multiple law firms, including Class Action U and Emery Reddy, have published information about the breach and are evaluating potential legal claims against Catalyst RCM and the affected healthcare entities.
Potential legal claims could allege that Catalyst RCM and Vikor Scientific failed to implement adequate security measures to protect sensitive patient information. The use of compromised credentials suggests possible deficiencies in authentication protocols, password policies, multi-factor authentication implementation, or employee security training.
Healthcare data breaches raise serious legal issues because they involve violations of the Health Insurance Portability and Accountability Act, which establishes strict requirements for protecting patient health information. Covered entities and business associates like Catalyst RCM must implement administrative, physical, and technical safeguards to protect electronic protected health information.
Affected individuals interested in participating in potential class action litigation should preserve all documentation related to the breach, including notification letters, correspondence with healthcare providers, credit monitoring reports showing suspicious activity, and records of time spent addressing the breach consequences.
Can My Information Be Used for Identity Theft?
Yes, absolutely. The Vikor Scientific breach exposed a dangerous combination of personal, financial, and medical information. The explanation of benefits documents at the heart of this breach contain comprehensive personal profiles including your full name, date of birth, insurance policy numbers, healthcare provider names, detailed descriptions of medical services received, diagnosis codes, and payment information.
Medical identity theft is particularly insidious because it often goes undetected for long periods. Criminals can use stolen health insurance information to obtain expensive medical procedures, prescription medications, or medical equipment in your name. These fraudulent claims can exhaust your insurance coverage limits. Even more dangerously, medical identity theft can corrupt your medical records with someone else's health information, potentially leading to misdiagnoses or dangerous treatments.
The exposure of payment card information creates immediate financial fraud risks. Criminals can use this information to make unauthorized purchases, open new credit accounts, or sell the card details on dark web marketplaces.
Your personal information can also be used for synthetic identity theft, where criminals combine your real information with fabricated details to create new identities for obtaining credit, government benefits, employment, or other services.
What Can You Do to Protect Yourself Online?
Healthcare data breaches are particularly devastating because medical information cannot be changed like a password. Once your medical history is exposed, that information remains sensitive for life. Here are steps to protect yourself:
- Be cautious about sharing medical information. Before providing health information to any website, app, or service, verify that it is legitimate and understand how your data will be protected.
- Carefully review all medical bills and explanation of benefits statements monthly. Verify that you recognize all providers, services match what you actually received, and charges are accurate. Report discrepancies immediately.
- Request a list of disclosures from your healthcare providers annually. Under HIPAA, you have the right to obtain an accounting showing who has accessed your medical records.
- Use strong, unique passwords for all healthcare portals and patient portals. Never reuse passwords across different medical websites. Enable two-factor authentication on all healthcare accounts that support it.
- Monitor your credit reports regularly for signs of identity theft. Consider signing up for a credit monitoring service that alerts you to new accounts, hard inquiries, or significant changes to your credit file.
- Be skeptical of unsolicited communications about your health information or medical bills. Never provide personal information, payment details, or login credentials in response to unsolicited contacts.
- Keep detailed records of all your healthcare interactions, including dates of service, providers seen, procedures performed, and medications prescribed. This personal health record can help you identify fraudulent activity quickly.
The Vikor Scientific breach serves as a reminder that medical information is only as secure as the weakest link in the healthcare supply chain. Remaining vigilant and taking proactive protective measures is essential in today's environment of frequent healthcare data breaches.