The healthcare testing and laboratory services provider recently posted a notice on their website about the ransomware attack.

 

What happened

Centers Lab NJ, LLC, which does business as Centers Laboratory, recently disclosed a data breach to the Department of Health and Human Services (HHS). The New Jersey-based testing and laboratory service provider also posted a notice of the event on their website.

According to what was reported to the HHS, the breach impacted 542,377 individuals and was reported on June 18th, 2026, although it was uploaded to the HHS’ breach portal website at a later date.

 

Going deeper

In their web notice, Centers Lab said the initial suspicious activity occurred on its IT environment on August 25th, 2025. As soon as the incident was noticed, Centers Lab isolated the affected systems and launched an investigation, which determined that certain systems had been accessed between August 9th, 2025, and August 14th, 2025.

Data was copied by the attacker and included dates of birth, driver’s license or state identification information, Social Security numbers, passport numbers, health insurance information, and medical information.

 

In the know

The attack was claimed by ransomware group WorldLeaks, according to Security Week. The malicious group listed Centers Lab on their leak website back in October 2025, claiming to have 1.6 million files, totaling 720 GB, from the lab center. WorldLeaks is a fairly new organization themselves, emerging in January 2025, after Hunters International allegedly disbanded. It’s unclear if some group members left or if WorldLeaks is simply a rebranding of the original group. Hunters International was known for encrypting files, but the new group focuses on data theft and extortion.

WorldLeaks also operates an extortion-as-a-service (EaaS) scheme, where affiliates are offered tools that can automatically extract data. It’s believed the group may be based in Eastern Europe, and they seem to attack a variety of organizations all over the world, appearing to be mostly financially motivated.

 

The big picture

WorldLeaks has become a prime perpetrator of some of this year’s largest crimes. Earlier this summer, Paubox reported on another WorldLeaks breach, that time against Tata Electronics, one of the largest suppliers of parts for Apple, and a company based in India. That leak uniquely included alleged design components for Apple and Tesla, information that could be considered highly valuable.

Just recently, on July 15th, WorldLeaks claimed yet another victim, posting a huge number of files from India’s largest nuclear plant, according to Reuters. The data in this breach included blueprints of facilities and supplier details. The situation at Kudankulam Nuclear Power Plant is still emerging, but shows that WorldLeaks is targeting a vast variety of companies and information.

 

FAQs

Do we know when the breach information was released by the HHS?

Not exactly. The HHS tends to release breach information in batches. The June 18th date is likely when the HHS received or processed the breach report, but doesn’t reflect when they uploaded the information.

 

What is an EaaS platform?

Extortion-as-a-service is designed to democratize data breaches by allowing those with limited hacking skills to still breach organizations. In this case, WorldLeaks offers tools that allow other hackers to steal data. In exchange, WorldLeaks likely receives a portion of the profits.

 

Why did Hunters International / WorldLeaks move away from encrypting files?

WorldLeaks hasn’t specifically said why they no longer encrypt files, but it likely added additional complexity and pressure. When data is encrypted, it can lead to delayed patient-care, directly causing harm to individuals. Some hackers are purely after money and do not wish to cause harm. Other groups may know that encrypting data will increase law enforcement interest and consequences. While encrypting data may help a hacking group get more money, it’s far riskier and may be harder to sustain.