Ransomware gang says it hacked healthcare management firm Think Big

Ransomware gang PEAR today took credit for a June 2025 data breach at Think Big Health Care Solutions, an enterprise healthcare management company in Florida.

The breach compromised the following personal info:

  • Names
  • Social Security numbers
  • Tax ID numbers
  • Passport numbers
  • Addresses
  • Dates of birth
  • Phone numbers
  • Email addresses
  • Web URLs
  • Health insurance policy numbers
  • Bank account numbers
  • Routing numbers
  • Credit and debit card numbers, CVVs, and expiration dates
  • Medical info including diagnoses, conditions, lab results, medications, and more
  • Claims info
  • Medical record numbers
  • CPT codes
  • Referring providers

PEAR says it stole 60 GB of data from Think Big during the breach. To prove its claim, the ransomware group posted images of what it says are documents stolen from Think Big. Comparitech reviewed the images but has not independently verified their authenticity.

PEAR lists ThinkBig on its data leak site.
PEAR lists ThinkBig on its data leak site.

In a message posted on the gang’s data leak website, PEAR writes, “We are surprised but after long negotiation Think Big’s management has refused to deal. Well, that is their choice. Their data is available now. Also, we’ve posted a few more of their files proving the sensitivity of their data taken.”

Think Big has not verified PEAR’s claim. We do not know how many people Think Big has notified about the breach, or how much PEAR demanded in ransom. Comparitech contacted Think Big for comment and will update this article if it replies.

“On June 20, 2025, Think Big became aware of suspicious activity involving an employee’s email account,” says the company’s notice to victims. “While the forensic investigation is ongoing, Think Big found evidence to suggest that some emails and files may have been compromised by an unauthorized third-party.”

Think Big is offering eligible victims free credit monitoring and identity theft protection through Haystack ID. The deadline to enroll is 90 days from receipt of the breach notice letter.

Who is PEAR?

PEAR, or Pure Extraction and Ransom, is a new ransomware gang, and Think Big is its first confirmed attack.

The group has made another 17 unconfirmed attack claims in 2025 that haven’t been publicly acknowledged by the targeted organizations, 15 of which are American. They include three construction companies, three legal firms, and three manufacturers.

The group focuses on stealing data and extorting organizations for it. It does not encrypt files like most other ransomware.

Ransomware attacks on US healthcare businesses

Comparitech researchers have logged eight confirmed ransomware attacks on American healthcare businesses that don’t provide direct care to patients.

The largest such attack hit Episource in January. The medical software maker notified 5.4 million people of the ensuing data breach.

Other recent ransomware attacks on US healthcare businesses include:

  • Century Vision Global reported a January 2025 data breach claimed by Abyss
  • All Star Healthcare Solutions notified 4,498 people of a February 2025 data breach claimed by RansomHub

Ransomware attacks on healthcare providers can cripple critical systems and endanger the health, privacy, and security of patients. Targeted companies must pay a ransom or face extended downtime, data loss, and putting patients and staff at increased risk of fraud. Hospitals and clinics might have to resort to pen and paper, cancel appointments, and divert patients elsewhere until systems are restored.

About Think Big Health Care Solutions

Think Big is a health resource and practice management company that specializes in accounting, human resources, medical coding, project management, business development, and marketing.