Medical billing company Catalyst RCM has confirmed it notified victims of a November 2025 data breach that compromised their personal and medical information.
Catalyst has not publicly disclosed how many people it notified at time of writing, but one of Catalyst’s clients, Vikor Scientific, notified 139,964 people about a data breach that occurred around the same time. Given the circumstances, the two disclosures appear to reference the same data breach.
The compromised data includes names, payment card info, medical treatments, medical history, diagnoses, health insurance info, and dates of birth.
On November 12, 2025, A ransomware group called Everest took credit for data breaches at Vikor Scientific and its two medical diagnostic laboratories, KorPath and KorGene. Vikor Scientific has since rebranded those labs as Vanta Diagnostics.
To prove its claim, Everest posted images of what it says are documents stolen from Vikor Scientific.
Neither Catalyst RCM nor Vikor Scientific acknowledged Everest’s claim, and Comparitech cannot independently verify it. We do not know if either company paid a ransom, how much Everest demanded, or how attackers breached their systems. Comparitech contacted both Catalyst and Vikor Scientific for comment and will update this article if they reply.
“On or about November 13, 2025, Catalyst was made aware of suspicious activity related to certain information maintained within its secure file management system,” says Catalyst’s notice.
“Our investigation subsequently determined that an authorized login and password to our system were used to access one server between November 8, 2025, and November 9, 2025, and copied data without permission creating an unauthorized use of the data.”
Catalyst is offering breach victims free credit monitoring and identity theft restoration.
Who is Everest?
Active since 2020, Everest is a ransomware gang and initial access broker. Its victims include NASA, the Brazilian government, and multiple hospitals and clinics. Everest’s malware both encrypts target systems and steals the data stored on them. It then demands a ransom to restore infected systems and delete stolen data.
Everest has claimed responsibility for 181 ransomware attacks since it began. 45 of those were confirmed by the targeted organizations, which notified more than 1 million people about the resulting data breaches.
Based on the figures reported so far, this attack on Catalyst RCM is Everest’s third-largest confirmed breach by number of records compromised. The group’s largest was a December 2023 breach at Specialty Networks, which notified 411,037 people. As with Catalyst, Specialty’s breach compromised the patient data of its client companies, including Prime Imaging, Diagnostic Radiology Consultants, Allied Mobile, and Videre.
Ransomware attacks on US healthcare
In 2025, Comparitech researchers logged 29 confirmed ransomware attacks on healthcare-related companies that don’t provide direct care such as medical device makers, pharmaceutical companies, and medical billing companies. Those attacks compromised more than 6 million records in total.
The attack on Catalyst was the third-largest such attack in 2025. The two largest were:
- Episource notified 5.4 million people of a January 2025 ransomware attack
- Fieldtex Products notified 274,000 people of an August 2025 data breach claimed by Akira
Ransomware attacks on manufacturers can lock down computer systems and steal data. Successful infections can disrupt billing, communications, orders, shipments, and in some cases manufacturing equipment and processes. The attackers demand a ransom to restore infected systems and delete stolen data. Businesses that refuse to pay up face extended downtime, permanent data loss, unauthorized data disclosure, and putting data subjects at increased risk of fraud.
Companies like Catalyst operating in the healthcare sector have become a key target for hackers because they handle a large amount of personal data and deal with several third-party clients.
About Catalyst RCM and Vikor Scientific
Founded in 2019, Catalyst RCM is a revenue cycle management and medical billing company headquartered in Katy, Texas. It describes itself as an “AI-powered RCM.”
Based in South Carolina, Vikor Scientific is a medical diagnostic and molecular pathology company that owns Vanta Diagnostics. Vanta is the new brand name for Vikor Scientific’s former subsidiaries, KorPath and Korgene.
