DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Avantic Medical Lab hacked; patient data leaked by Everest Group

Posted on July 9, 2025 by Dissent

On June 10, the Everest Group added a listing for Avantic Medical Lab to its leak site, accompanied by a one-week countdown clock and four screenshots containing patient information as proof of the claims. When the attack first occurred, and whether Everest had contacted Avantic before June 10, is unknown to DataBreaches, but on June 10, Everest gave Avantic one week to get in touch with them.

Whether Avantic did or not is also unknown to DataBreaches, but what we do know is that on July 3, Everest leaked 31 GB of patient files.

Avantic Medical is a full-service Clinical Laboratory in Edison, NJ. They advertise that they service hospitals, hospital staff physicians, and the entire New Jersey, New York, and Pennsylvania Metro Area.

Hundreds of “Patient Files” that Everest leaked appear to relate to blood draws (testing) done in 2018. Testing on later dates for other patients was referenced in the Explanation of Benefits files, located in a folder from May 2023 under “Payments.”  A third folder, “Accu Reference Send Out,” also contained patient information.

There were no databases in the data tranche, but some files were batched reports of insurance responses or other correspondence.

The types of information acquired and leaked for any individual patient varied by individual and type of file, but may have included:

  • Patient’s Full Name
  • Patient’s Address
  • Patient’s Telephone number
  • Patient’s Date of birth
  • Patient’s Social Security number
  • Medical Record Number
  • Referring Doctor
  • Referring Doctor’s Information
  • Health Insurance Provider
  • Employer or Group Name
  • Policy Number
  • Member ID
  • Claim ID
  • Covered Member’s Name
  • Date of Blood Draw
  • Type of Test(s)
  • Results of  Blood Tests
  • Explanation of Benefits
  • Diagnosis(es)
  • Correspondence from Insurer
  • Check information if Patient Paid by Check
  • Credit Card Number with Expiration Date and CVV

There is no substitute notice on Avantic Medical Lab’s site as of this morning, and no report has been posted on HHS’s public breach tool yet.

DataBreaches emailed the lab this morning to inquire whether Everest’s attack had encrypted any files or had impaired functioning in any way. The email also asked whether Avantic has notifed HHS, the (New Jersey) the Division of State Police in the Department of Law and Public Safety, or patients.

No reply was immediately received, but DataBreaches will update this post when we receive a reply or more information becomes available.

 

No related posts.

Category: Breach IncidentsHackHealth DataU.S.

Post navigation

← Integrated Oncology Network victim of phishing attack; multiple locations affected (2)

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Avantic Medical Lab hacked; patient data leaked by Everest Group
  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
  • HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
  • Credit reports among personal data of 190,000 breached, put for sale on Dark Web; IT vendor fined
  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure
  • Kentfield Hospital victim of cyberattack by World Leaks, patient data involved
  • India’s Max Financial says hacker accessed customer data from its insurance unit
  • Brazil’s central bank service provider hacked, $140M stolen

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets
  • Franklin, Tennessee Resident Sentenced to 30 Months in Federal Prison on Multiple Cyber Stalking Charges
  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations
  • Record-Breaking $1.55M CCPA Settlement Against Health Information Website Publisher
  • Ninth Circuit Reviews Website Tracking Class Actions and the Reach of California’s Privacy Law

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.