Last updated 1 month ago
The Everest ransomware group executed a cyberattack against healthcare diagnostic firm Vikor Scientific, now operating as Vanta Diagnostics, compromising data of 139,964 individuals. The attack targeted a supplier to the organization, resulting in the exposure of sensitive patient information. The breach was disclosed in February 2026 through a public announcement by the ransomware group and subsequent reporting to the US Department of Health and Human Services.
The attack chain involved ransomware deployment through a supply chain compromise, with the Everest group gaining access to systems via an unnamed supplier. The group exfiltrated protected health information and personal data belonging to nearly 140,000 patients before encrypting systems. Everest ransomware operators claimed responsibility for the attack and published evidence of the data theft as part of their extortion tactics.
Vikor Scientific filed a breach notification with US regulatory authorities confirming the exposure of patient data. The company is operating under the name Vanta Diagnostics following corporate restructuring. No ransom payment details or specific containment milestones have been publicly confirmed at this time.
Ransomware attack on a supplier
This healthcare sector breach demonstrates critical third-party risk management failures, as attackers exploited a supplier relationship to compromise sensitive patient data. The incident highlights the need for healthcare organizations to implement rigorous vendor security assessments and continuous monitoring of supply chain partners handling protected health information.
Sign in to join the discussion.
Company
Industry
Location
Disclosed
Records Affected
Attack Vector
Threat Actor
Continent
Country
Industry
Attack Vector
Threat Actor