Cybercriminal group World Leaks claims breach of Freedman HealthCare data systems

A cybercrime group known as World Leaks, previously operating under the name Hunters International, has claimed responsibility for a data breach affecting Massachusetts-based healthcare data and policy consulting firm Freedman HealthCare (FHC). The group alleged that it has stolen 52.4 gigabytes of data, including more than 42,000 files, from FHC’s systems. FHC provides data integration and analytics services to public health agencies across several U.S. states.

The threat actor reportedly warned on Monday of its intention to leak the data, beginning Tuesday. By Wednesday, World Leaks had published partial data on its dark web platform. According to technology news outlet The Register, the leaked files appeared to contain management and user account credentials, including passwords and state contracts. As of the latest reports, no protected health information (PHI) has been publicly disclosed.

FHC CEO John Freedman issued a statement late Tuesday, denying that any health data had been compromised. He confirmed this position again on Wednesday in comments to the Information Security Media Group, emphasizing that no PHI was among the data impacted. Freedman declined to address the specific claims made by World Leaks.

“In late April we discovered a security incident that compromised a limited portion of our IT system,” Freedman said in the statement. “The investigation determined that the incident only impacted one file server and did not affect any protected health information of any of our clients. No all-payer claims data was affected. We located and removed all malicious files and re-secured our system. Again, no health data was compromised in this incident.”

FHC’s website lists its clients as including health-related state agencies in Hawaii, Rhode Island, California, Massachusetts, and Delaware. It also works with private-sector entities such as health insurers, pharmaceutical companies, and medical device firms.

World Leaks is part of a broader trend among cybercriminal groups shifting toward an "extortion-as-a-service" model. This method prioritizes data theft and ransom demands over traditional ransomware encryption tactics. Analysts note that such strategies have become increasingly common in healthcare-related cyberattacks, where stolen data can be used to exert pressure on organizations.