Privacy Breach Impacts Over 139,000 Patients of CatalystRCM

Unauthorized access to sensitive medical and financial data prompts investigation and potential legal action

Published on Feb. 26, 2026

A data breach at CatalystRCM, a Texas-based revenue cycle management company, has exposed the personal and medical information of over 139,000 individuals who received diagnostic testing services through affiliated labs like Vikor Scientific, KorGene, and KorPath. The breach occurred in November 2025 but was not disclosed to impacted individuals until February 2026, potentially violating state and federal laws.

Why it matters

This large-scale data breach raises serious privacy concerns, as the compromised information could lead to identity theft and other violations. It also highlights the need for stronger cybersecurity practices and timely breach notification requirements to protect patient data, especially in the healthcare industry.

The details

Between November 8 and 9, 2025, an unauthorized actor accessed CatalystRCM's file management system and copied sensitive data. The breach impacted 139,964 individuals who received services from Vikor Scientific, KorGene, and KorPath. The compromised information may include names, dates of birth, payment card data, medical histories, and health insurance details.

  • The data breach occurred between November 8 and 9, 2025.
  • CatalystRCM did not begin notifying impacted individuals until around February 2026.

The players

CatalystRCM

A Texas-based revenue cycle management company that provides services to diagnostic laboratories and was the target of the data breach.

Vikor Scientific (Vanta Diagnostics)

A diagnostic company that was impacted by the CatalystRCM data breach, reporting that 139,964 individuals were affected.

KorGene

A diagnostic company that was also impacted by the CatalystRCM data breach.

KorPath

A diagnostic company that was also impacted by the CatalystRCM data breach.

Schubert Jonckheer & Kolbe LLP

A law firm investigating the CatalystRCM data breach and representing individuals impacted by the incident.

What they’re saying

“If your personal information was impacted by this incident, you may be at risk of identity theft and other serious violations of your privacy. As a result, you may be entitled to money damages and an injunction requiring changes to CatalystRCM's cybersecurity practices.”

— Schubert Jonckheer & Kolbe LLP, Law Firm (PRNewswire)

What’s next

The law firm Schubert Jonckheer & Kolbe LLP is investigating the data breach and encouraging impacted individuals to contact them to learn more about their legal rights.

The takeaway

This breach highlights the need for healthcare companies to prioritize robust cybersecurity measures and timely breach notification to protect patient privacy. Individuals affected should closely monitor their personal and financial information for any suspicious activity.