The Everest Group extortion group has claimed responsibility for a significant data breach affecting three US-based healthcare organizations. The group, known for data exfiltration and extortion, has published large databases allegedly stolen from the victims.
The Everest Group listed Vikor Scientific and Korgene together, treating them as a single breach, though they are separate (but related) entities.
The latest list of alleged victims posted by the group includes:
- KorPath (🇺🇸): Operating as Independent Clinical Laboratories Inc., KorPath is a clinical testing laboratory based in Tampa, Florida.
- Vikor Scientific, LLC (🇺🇸): A CLIA-certified and CAP-accredited clinical diagnostics laboratory based in Charleston, South Carolina.
- Korgene (🇺🇸): A related clinical diagnostics laboratory based in Pennsylvania.

According to the actor, the compromised data is extensive and includes internal documents, Electronic Medical Records (EMRs), and sensitive patient billing information. The group posted separate databases, one for KorPath and a combined one for Vikor/Korgene, totaling over 11 GB of data across the three companies.
- KorPath DataBase: 7,491 PDF files (1.23 GB) and 7,565 text/EDI files (390 MB).
- Vikor Scientific / Korgene DataBase: 25,303 PDF files (9.39 GB), 1,344 additional PDF files (505 MB), and 296 text/EDI files.
Based on the provided samples, which include Explanation of Benefits (EOB) forms, insurance claims, and payment transmittals, the allegedly compromised data includes:
- Electronic Medical Records (EMRs)
- Patient private information (full names, dates of birth, addresses)
- Patient billing and insurance information (claim forms, member IDs)
- Partial Social Security Numbers (SSNs)
- Credit card payment information
- Internal company financial documents












