Social network for doctors hacked by ransomware, SSNs stolen

Sermo, a social network for doctors, yesterday confirmed it notified 2,674 people of a March 2024 data breach that leaked Social Security numbers.

A ransomware group called Black Basta took credit for the breach in April 2024, saying it stole 700 GB of data from Sermo.

Black Basta lists Sermo on its data leak site.

Another ransomware group, Medusa, also said it hacked Sermo. Medusa made its claim in July 2025 and demanded a $500,000 ransom.

Medusa lists Sermo on its data leak site.

Sermo cited Black Basta as the culprit but did not acknowledge Medusa’s claim. We do not know if Sermo paid a ransom, how much Black Basta demanded, or how attackers breached Sermo’s network. Comparitech contacted Sermo for comment and will update this article if it replies.

“On April 10, 2024, Sermo experienced a power outage at its data center in Denmark that ultimately was determined to be a ransomware event with the group Black Basta claiming responsibility,” Sermo says in its notice to breach victims. “An investigation determined that unauthorized access to and acquisition of information from Sermo’s network environment took place between March 19, 2024 and April 10, 2024.”

The notice implies that the delay in disclosing the breach was at least partially due to difficulties in obtaining data posted by Black Basta.

“Black Basta identified Sermo’s parent company, Sermo Limited, on its leak site and on April 17, 2024, posted data there,” the notice says. “This site was incredibly slow. For instance, Sermo tried to download the data in order to review it. After two weeks of continual download attempts, only 28% of the data had been downloaded. The entire dataset was not downloaded until September 20, 2024. On January 27, 2025, Black Basta’s leak site was taken down, meaning that Sermo’s data was no longer available for download.”

Sermo is offering eligible victims 12 months of free credit monitoring and identity theft restoration through Kroll.

Who is Black Basta?

Black Basta, not to be confused with Blackcat or BlackSuit, is a ransomware gang that first surfaced in early 2022. It operates a ransomware-as-a-service business wherein third-party clients pay Black Basta to use its ransomware and infrastructure to launch attacks and collect ransoms. Black Basta often extorts victims both for a key to restore infected systems and to delete stolen data.

Black Basta’s operations were halted by law enforcement in 2025, consistent with the timeline presented in Sermo’s notice to victims. Before its data leak site shut down, Black Basta claimed responsibility for 173 confirmed ransomware attacks since 2022. Those attacks compromised the personal data of nearly 12 million people.

Two of Black Basta’s largest breaches also hit companies operating in the healthcare sector:

  • Ascension notified 5.6 million people of a May 2024 data breach claimed by Black Basta
  • Numotion notified almost 700,000 people of a February 2024 breach claimed by Black Basta

Even though the group closed shop more than a year ago, some of its breaches are just coming to light. Law firm Tuggle Duggins, for example, just notified 851 people of a September 2024 Black Basta breach.

Ransomware attacks on US healthcare businesses

Comparitech researchers logged 32 confirmed ransomware attacks in 2024 on companies operating in the healthcare sector, such as pharmaceutical companies, medical device makers, and medical software developers. Those attacks compromised more than 196 million records.

Those figures do not include organizations that provide direct care, such as hospitals and clinics.

In 2025, we recorded 27 such attacks that leaked 5.9 million people’s personal info.

Other such recently confirmed attacks include:

  • MedRevenu reported a December 2024 data breach claimed by BianLian
  • MTI America reported a September 2025 data breach claimed by Sinobi

Ransomware attacks on healthcare businesses can both lock down computer systems and steal data. These attacks often compromise data belonging to the business’s clients, such as patient data from hospitals and clinics. They can cripple critical systems and endanger the health, privacy, and security of patients. Targeted companies must pay a ransom or face extended downtime, data loss, and increased risk to patients and staff.

About Sermo

Sermo is a social network for physicians to discuss various healthcare topics, rate drugs, and get paid to take medical surveys. Its members consist of more than 1 million verified physicians and healthcare professionals, according to Sermo’s website.