North East Medical Services (NEMS) is notifying 91,513 patients of an October 2025 data breach following a cyber attack on its third-party software provider, UnitedLayer. In November 2025, ransomware gang RansomHouse claimed an attack on UnitedLayer.
In its notification, NEMS states: “On October 19, 2025 NEMS detected potential unauthorized access to certain data on its third-party hosted managed service provider, United Layer’s network.” The impacted data includes Social Security numbers and medical information.
UnitedLayer hasn’t issued any data breach notifications or cybersecurity alerts as of yet, but it was added to RansomHouse’s data leak site in November 2025. UnitedLayer hasn’t confirmed RansomHouse’s claim or whether or not a ransom was demanded/paid. Comparitech has contacted UnitedLayer for further information and will update this article if it responds.
NEMS is offering those affected in its breach complimentary credit monitoring via CyberScout.
Who is RansomHouse?
RansomHouse first emerged in 2021 and operates a Ransomware-as-a-Service (RaaS) model and often uses a double-extortion technique whereby systems are encrypted and data is stolen. Over the last four years, we have tracked 52 confirmed attacks (confirmed by the entity involved) via this group with over 1.7 million records breached across these attacks in total.
In 2025, RansomHouse was responsible for 15 confirmed attacks (we are also monitoring a further 35Â unconfirmed attacks from the group). One of its biggest attacks in 2025 was on Japanese retail company, ASKUL Corporation, in October. This not only caused mass disruption and a 95 percent drop in sales but around 740,000 people are thought to have been involved in the subsequent data breach.
Another recently confirmed attack is US-based Greater Pittsburgh Orthopedic Associates, Inc. It has just started notifying 35,000 people of a breach from August 2025, which was also claimed by RansomHouse.
No attacks have been confirmed this year so far, but we have noted four unconfirmed attacks via the group.
Attacks on US technology providers
In 2025, we tracked 249 attacks on US technology providers with 33 of these being confirmed. The confirmed attacks saw data breaches impacting over 19 million people, highlighting the growing concern over third-party software data breaches such as this.
The two largest attacks were:
- Conduent Business Services, LLC – January 2025 – over 16.7 million affected (claimed by SafePay)
- Marquis Software Solutions – August 2025 – around 1.64 million affected to date (unknown hackers)
As it stands, this attack on UnitedLayer is the fourth-largest breach on a US tech company in 2025 so far.
Software providers are an attractive target for hackers due to the number of clients they tend to work with and the amount of data they are often in possession of.
About UnitedLayer
Headquartered in California, UnitedLayer is a private cloud solution provider. It operates across multiple industries, including healthcare, manufacturing, finance, government, and retail.
