Vikor Scientific, now rebranded as Vanta Diagnostics, recently reported a significant cybersecurity incident involving its vendor, Catalyst RCM, which resulted in the unauthorized access and exfiltration of electronic protected health information (ePHI). The breach affected 139,964 individuals, including sensitive data related to medical and personal records.
Vikor Scientific’s Data Breach Investigation
Vikor Scientific, a molecular diagnostics company based in Charleston, South Carolina, announced a data breach related to one of its key vendors—Catalyst RCM, a revenue cycle management company. The breach also impacted KorGene, a molecular testing laboratory owned by Vikor Scientific, as well as KorPath, a Tampa-based anatomical pathology lab partnered with Vanta Diagnostics.
Catalyst RCM published a substitute breach notice on its website, outlining the breach and confirming that the affected data involved ePHI from the services provided by Vikor Scientific, KorGene, and KorPath. The incident was reported to the Department of Health and Human Services (HHS) Office for Civil Rights, as the breach involved a substantial amount of sensitive healthcare data.
According to Catalyst RCM, suspicious activity was detected within its secure file management system around November 13, 2025. After further investigation, it was discovered that an unauthorized login occurred between November 8, 2025, and November 9, 2025. The unauthorized actor gained access to one of Catalyst’s servers and exfiltrated data. The investigation concluded on December 12, 2025, confirming that sensitive information was stolen during the breach.
While the breach primarily affected the systems of Catalyst RCM, it had significant consequences for the individuals whose ePHI was stored on these systems. Vikor Scientific, as the affected HIPAA-covered entity, is working to ensure that proper notifications are being issued to the impacted individuals. As per HIPAA regulations, it is the responsibility of the healthcare provider (in this case, Vikor Scientific) to notify affected individuals, though this responsibility is often delegated to the vendor involved in the breach.
The breach involved the personal and medical information of 139,964 individuals, raising serious concerns regarding the potential misuse of sensitive health information. The exposure of ePHI increases the risk of identity theft, fraudulent insurance claims, and other forms of medical and financial fraud.
At Class Action U, we believe individuals affected by breaches like this deserve transparency and accountability. If you received a notification from Vikor Scientific or Catalyst RCM, it’s important to understand what occurred and explore your legal rights.
When Did This Breach Occur?
According to Vikor Scientific:
-
Date(s) the Breach Occurred: November 8, 2025 – November 9, 2025
-
Date the Breach Was Discovered: November 13, 2025
The unauthorized access occurred over a two-day period in early November 2025, and the breach was discovered by Catalyst RCM on November 13, 2025.
What Information Was Breached?
The following types of personal and medical information were potentially exposed:
The exact information affected may vary for each individual, but it could include a combination of sensitive personal identifiers and medical records.
What You Can Do
If you received a notification from Vikor Scientific or Catalyst RCM, consider taking the following steps to protect yourself:
-
Enroll in the complimentary credit monitoring and identity theft protection services offered by Catalyst RCM, if available.
-
Monitor your credit reports for unfamiliar accounts or inquiries.
-
Review your medical statements and insurance records for any unauthorized services or claims.
-
Place a fraud alert or security freeze on your credit file to prevent unauthorized activity.
-
Stay vigilant for phishing attempts or fraudulent calls requesting additional personal or financial information.
The exposure of Social Security numbers and medical information raises significant risks for identity theft, particularly in the context of medical fraud. Proactive monitoring is key to minimizing the potential harm.
You may also wish to explore your legal options. Many individuals may not realize that they could be eligible to participate in a class action lawsuit following a data breach, especially when sensitive health information is involved. By joining with others, affected individuals can seek justice and potential compensation for the risks posed by this breach.
File a Data Breach Lawsuit Against Vikor Scientific
If you received notice that your personal and medical information was involved in the Vikor Scientific data breach, you may have the right to pursue legal action.
Data breach lawsuits aim to hold organizations accountable when they fail to protect sensitive personal information. Compensation in these cases may include reimbursement for out-of-pocket expenses, time spent addressing identity theft or fraud, credit monitoring costs, and other related damages.
You do not have to navigate the aftermath of a data breach alone. Understanding your rights can help you determine whether you qualify to join a class action lawsuit and recover compensation.
Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.
