Vikor Scientific Affected by Ransomware Attack on Revenue Cycle Management Vendor
Vikor Scientific (now rebranded as Vanta Diagnostics), a molecular diagnostics company based in Charleston, South Carolina, has been affected by a security incident at one of its vendors – the revenue cycle management company, Catalyst RCM. The breach also affected the Vikor Scientific-owned molecular testing laboratory KorGene, and KorPath, a Tampa, Florida-based anatomical pathology lab, which partners with Vanta Diagnostics. Vikor Scientific has reported the data breach to the HHS’ Office for Civil Rights as involving the electronic protected health information (ePHI) of 139,964 individuals.
Catalyst RCM has published a substitute breach notice on its website and is issuing notification letters to the affected individuals on behalf of its affected HIPAA-covered entity clients. While it is ultimately the responsibility of each affected HIPAA-covered entity to issue notification letters when there has been a data breach at a vendor, the notification responsibilities are often delegated to the vendor.
In the breach notice, Catalyst RCM explains that suspicious activity was identified within its secure file management system on or around November 13, 2025. An investigation was launched, which identified an unauthorized login to a system used to access one of its servers. The server was accessed without authorization between November 8, 2025, and November 9, 2025. The affected system was reviewed to determine whether any protected health information had been exposed or stolen, and the review concluded on December 12, 2025. Catalyst RCM confirmed that the threat actor exfiltrated data in the attack.
Data potentially compromised in the incident varies from individual to individual and may include names plus one or more of the following: date of birth, diagnosis information, medical treatment information, history, health insurance information, and/or payment card information with access code.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Catalyst RCM has updated its security policies, procedures, and protocols to reduce the likelihood of similar incidents in the future, and has advised the affected individuals to remain vigilant against identity theft and fraud by monitoring their free credit reports. While no misuse of the affected data has been identified, the affected individuals have been offered complimentary credit monitoring and identity theft protection services.
While the incident was not described as a ransomware attack, the Everest ransomware group claimed responsibility for the attack and added Vikor Scientific to its dark web data leak site, along with samples of data allegedly stolen in the attack. Everest threatened to leak the stolen data if contact was not made. Everest claims to have leaked all data exfiltrated in the attack, indicating the ransom was not paid.
