Remorseless extortionists claim to have stolen thousands of files from Freedman HealthCare

UPDATED An extortion gang claims to have breached Freedman HealthCare, a data and analytics firm whose customers include state agencies, health providers, and insurance companies, and is threatening to dump tens of thousands of sensitive files early Tuesday morning.

According to a claim posted Sunday on the shame site belonging to World Leaks, formerly Hunters International, the data thieves alleged to have pilfered 52.4 GB of data containing 42,204 files, which they will release at 4 am EDT on Tuesday.

Freedman HealthCare did not immediately respond to The Register's inquiries about the criminals' claims. But if they're true, this breach could be especially damaging for the compromised company as well as the dozens of state agencies Freedman works with to build databases that collect all types of sensitive information on residents including their insurance status, healthcare claims, and payment info. 

In one example touted on its website, the health-data org worked with the state of California to design and implement that state's healthcare payments database, which covers nearly 38 million people. 

Freedman HealthCare also helped the state of Delaware launch its All-Payer Claims Database (APCD), and led the creation of Rhode Island's health and human services Data Ecosystem, which collects data from 10 state agencies and partner organizations, including Medicaid, the Department of Labor and Training, Department of Health, the All-Payer Claims Database, the Department of Corrections, and the Department of Education.

So the breach could expose financial and protected health information belonging to millions of people across the US - potentially making it one of the larger healthcare data incidents in recent years.

• US medical org pays $50M+ to settle case after crims raided data and threatened to swat cancer patients
• Crimelords at Hunters International tell lackeys ransomware too 'risky'
• Ransomware thugs threaten Tata Technologies with leak if demands not met
• Like whitebox servers, rent-a-crew crime 'affiliates' have commoditized ransomware

The crew behind the digital intrusion is known for big-target hunting. World Leaks used to be called Hunters International until recently, when it shifted its focus to pure data theft and extortion, ditching the ransomware piece. They have no qualms about attacking organizations providing critical services, including healthcare, and employing vile tactics to force payment. 

A couple of years ago, they stole health insurance and diagnosis info from about 800,000 cancer patients at the Fred Hutchinson Cancer Center, then threatened to SWAT patients who didn't pay up, and leaked sensitive pre-op images of patients they nabbed from a Beverly Hills plastic surgeon's office. They also claim to have stolen data belonging to the London branch of the Industrial and Commercial Bank of China (ICBC) and Tata Technologies. ®

Updated June 17, 2025, at 18.08 GMT:

Following publication of this story, Freedman Healthcare CEO John Freedman essentially dismissed the group's claims as a nothingburger, sending us the following statement:

"In late April we discovered a security incident that compromised a limited portion of our IT system. Upon discovering the incident, we immediately engaged external cybersecurity experts to secure our network and perform a thorough forensic investigation. The investigation determined that the incident only impacted one file server and did not affect any protected health information of any of our clients. No all-payer claims data was affected. We located and removed all malicious files and re-secured our system. Again, no health data was compromised in this incident."

A researcher following the incident told us the group did indeed release some information as promised, including management and user accounts and passwords and state contracts, but he didn't see any personally identifiable information in the dump.