Paubox blog: HIPAA compliant email - easy setup, no portals or passcodes

Extortion gang claims breach of Freedman HealthCare, threatens data dump

Written by Gugu Ntsele | June 24, 2025

World Leaks extortion gang claims to have stolen 52.4 GB of data containing 42,204 files from Freedman HealthCare and threatens to release the information early Tuesday morning.

What happened

World Leaks, formerly known as Hunters International, posted a claim on their shame site Sunday alleging they breached Freedman HealthCare, a data and analytics firm serving state agencies, health providers, and insurance companies. The group claims to have stolen 52.4 GB of data containing 42,204 files and set a deadline of 4 am EDT Tuesday for releasing the information. Freedman HealthCare works with dozens of state agencies to build databases collecting sensitive resident information including insurance status, healthcare claims, and payment data. The company helped California design and implement the state's healthcare payments database covering nearly 38 million people, assisted Delaware with launching its All-Payer Claims Database, and led creation of Rhode Island's health and human services Data Ecosystem collecting data from 10 state agencies and partner organizations.

The backstory

World Leaks operates as a pure data theft and extortion group after recently shifting away from ransomware operations. The crew previously operated under the name Hunters International before rebranding. They have targeted multiple high-profile organizations and employed extreme tactics, including stealing health insurance and diagnosis information from about 800,000 cancer patients at Fred Hutchinson Cancer Center, threatening to SWAT patients who didn't pay, and leaking pre-operative images from a Beverly Hills plastic surgeon's office. The group also claims to have stolen data from the London branch of Industrial and Commercial Bank of China and Tata Technologies.

What was said

Freedman HealthCare CEO John Freedman dismissed the group's claims following publication of the initial story, stating: "In late April we discovered a security incident that compromised a limited portion of our IT system. Upon discovering the incident, we immediately engaged external cybersecurity experts to secure our network and perform a thorough forensic investigation. The investigation determined that the incident only impacted one file server and did not affect any protected health information of any of our clients. No all-payer claims data was affected. We located and removed all malicious files and re-secured our system. Again, no health data was compromised in this incident."

A researcher following the incident confirmed the group released some information as promised, including management and user accounts, passwords, and state contracts, but noted they didn't observe any personally identifiable information in the data dump.

By the numbers

  • 52.4 GB of data allegedly stolen
  • 42,204 files claimed to be compromised
  • Nearly 38 million people covered by California's healthcare payments database that Freedman helped design
  • 10 state agencies and partner organizations contribute data to Rhode Island's system led by Freedman
  • 800,000 cancer patients previously affected in the Fred Hutchinson Cancer Center breach by the same group

Why it matters

This breach threatens to expose the vulnerability of state-level healthcare data infrastructure that millions of Americans depend on. Freedman HealthCare's role in building databases for multiple states means a successful attack could compromise sensitive information for residents across California, Delaware, and Rhode Island. The involvement of World Leaks makes this especially concerning because the group specifically targets healthcare organizations and uses extreme intimidation tactics against patients. Unlike typical ransomware groups focused on quick payouts, World Leaks operates as a pure extortion gang willing to weaponize patient data and medical images to force compliance, which represents an escalation in threats against healthcare data systems.

FAQs

What kind of security protocols are typically used by healthcare analytics firms like Freedman HealthCare?

Most healthcare analytics firms employ layered cybersecurity measures including firewalls, encryption, endpoint detection, and intrusion monitoring systems.

How can state agencies ensure third-party vendors are meeting cybersecurity standards?

State agencies can mandate regular audits, penetration testing, and compliance certifications as part of vendor contracts.

What legal consequences can data extortion groups like World Leaks face?

If identified, such groups face international criminal charges, including computer fraud, identity theft, and extortion, often prosecuted by cybercrime units and Interpol.