Extortionists Leak Health Consultant's Data After Breach   

An extortion gang has published data stolen from Freedman HealthCare, a Massachusetts-based consulting firm that designs data systems for state health agencies, after a recent security breach. The group, known as 'World Leaks,' claims to have exfiltrated 52.4 gigabytes of data, encompassing over 42,000 files. The incident, which the company discovered in late April 2025, compromised a single file server.   
   
The attackers, formerly known as Hunters International, pivoted to a data theft and extortion model, forgoing traditional ransomware encryption. After the company did not meet their demands, the group published the stolen files on its dark web leak site. An ongoing investigation is underway, and the firm is facing at least the threat of a class-action lawsuit.  
   
Freedman HealthCare is a data and analytics consulting firm that works with U.S. state agencies, health providers, and insurance companies to design and manage comprehensive health data systems and payment platforms. Its clients include public health agencies in states like California, Delaware, and Massachusetts, handling sensitive information related to healthcare payments and all-payer claims databases.   

Breach Chronology   

• Late April 2025: Freedman HealthCare discovers a security incident that compromised a limited portion of its IT system.   
• May 23, 2025: The company begins issuing notices of a data security incident to potentially affected individuals.   
• June 15, 2025: The 'World Leaks' extortion group claims responsibility for the breach on its dark web site, threatening to release the stolen data.   
• June 17, 2025: The deadline set by the attackers passes, and they begin publishing the exfiltrated files. The release reportedly contains management and user account credentials, passwords, and state contracts.   
• June 27, 2025: A law firm announces it is investigating the data breach, citing reports of the stolen database.   

The Company's Response   

Freedman HealthCare stated that upon discovering the breach in late April, it immediately hired external cybersecurity experts to conduct a forensic investigation and secure its network. According to CEO John Freedman, the investigation determined the incident was limited to one file server and that no protected health information (PHI) or all-payer claims data was affected. The company asserts it located and removed all malicious files from its systems.  
   
Freedman HealthCare has started notifying individuals whose personal information, may have been exposed in the breach. As a precaution, the company is offering affected individuals 24 months of complimentary credit monitoring and identity protection services. The firm has also reported the incident to law enforcement. While the full impact is still under assessment, this recent event has exposed the company to potential legal action, with at least one law firm already investigating for a possible lawsuit and settlement on behalf of victims.