US health data management software firm, Freedman Healthcare, has allegedly suffered a ransomware attack at the hands of World Leaks – a former ransomware project developed by Hunter’s International.
-
Freedman Healthcare, a health data management firm, is allegedly the latest ransomware victim to be targeted in the US healthcare sector.
-
The technology company provides database and non-claims payment systems to dozens of US state-run public health departments and non-profit organizations.
-
The attackers, known as the World Leaks 'extortion-as-a-service' platform, are claiming to have stolen over 40,000 sensitive e-health files.
The newly formed ransomware cartel claimed the Massachusetts-based health database and payments technology company on its victim page sometime on Monday.
Freedman Healthcare partners with more than two dozen state governments, multiple non-profit organizations, and insurance companies, "to design, implement, and maintain comprehensive data systems" for state-run public health departments and other publicly funded programs, from Colorado, Connecticut, and Hawaii, to Ohio, Rhode Island, and Tennessee.
Cybernews has reached out to the company for comment, but has not heard back at the time of this report.
The personal health information of millions of Americans is handled by the company’s integrated data management platform, according to its website.
This includes sensitive data processed in Medicaid and commercial insurance claims, state health and human services agencies, social determinants of health datasets, and healthcare workforce initiatives, it states.
World Leaks claims to have exfiltrated about 52.4GB from the company’s servers, or roughly 42,204 files, although the group has not uploaded any file samples as of Monday evening.
A running countdown clock shows a deadline of less than half a day – presumably to pay the gang’s undisclosed ransom demand.
Cybernews can also assume that if Freedman Healthcare does not pay up, World Leaks will publish the stolen data on its leak site, as it appears to have done with previous victims unwilling to negotiate.
Who is World Leaks?
The World Leaks “extortion-as-a-service” platform was first launched in January 2025.
The platform was said to be the brainchild of the seasoned ransomware group Hunter’s International, which decided to switch from its double extortion tactics to a new business model due to ongoing FBI crackdowns in the ransomware ecosystem at the time.
A Group-IB profile on Hunter’s International said the Russian-linked gang deemed their original business operation as “too risky and unprofitable,” although the Cybernews Ransomlooker tool shows Hunter's International has been quite busy over the last 12 months, with at least 166 victims.
The World Leak platform is said to share numerous similarities with Hunters International in design, layout, and functionality, according to a profile on the fledgling operation by Lexfo's security blog posted last month.
The site operates four distinct platforms: a main data leak site, a negotiation site for ransom payments, an Insider platform for journalists, and an affiliate panel, the blog states.
One interesting caveat is that, according to the April blog by Group-IB, Hunter’s International had announced it was closing its operation and rebranding as the World Leak project, but it appears both operations are still continuing to carry out attacks.
Hunter’s International, which is known to target victims primarily in North America with a focus on real estate and healthcare, is believed to have been established back in October 2023, and is a possible offshoot of the Hive ransomware group.
Big name victims have included the Benetton fashion group and Tata Technologies, a technology vendor for Airbus, Ford, Honda, and Jaguar car manufacturers.
Your email address will not be published. Required fields are markedmarked