Free Case Reviews | No Fee Unless We Recover For You

Facebook-f Youtube
Free Case Review
Call Now (206) 442-9106
Emery Reddy logo

We help workers.®

Catalyst RCM/Vikor Scientific Data Breach

February 10, 2026

NOTICE: If you received a NOTICE OF DATA BREACH letter from Catalyst RCM/Vikor Scientific, contact Emery | Reddy, PC at 916.995.5968 for a Free Case Review.

On or about November 13, 2025, Catalyst RCM (“Catalyst”) discovered suspicious activity involving certain information stored within its secure file management system. According to the notice, an authorized login and password were used to access one of Catalyst’s servers between November 8, 2025, and November 9, 2025, during which data was copied without permission.

Upon identifying the issue, Catalyst promptly initiated an internal investigation to determine the nature and scope of the incident, assess system security, and identify any individuals whose information may have been impacted. Catalyst also began verifying address information to ensure accurate notification to affected individuals. The review was completed on December 12, 2025.

Following its systemwide review, Catalyst determined that the incident involved information connected to medical coding and billing services provided to Vikor Scientific, KorPath, and Korgene diagnostic laboratories. Many impacted individuals had information included in explanation of benefits documents maintained within the affected server.

After completing the investigation, Catalyst began issuing written notification letters to impacted individuals. The notification letters were dated February 6, 2026, and included incident details, information involved, and complimentary IDX identity protection services.

Catalyst RCM is a full-service revenue cycle management (RCM) company specializing in billing, coding, and analytics for U.S. healthcare providers, including physician practices, laboratories, and ambulatory surgery centers.

The breach involved unauthorized access to a secure server using compromised login credentials, resulting in unauthorized copying of data.

Following the incident, Catalyst reported that it is enhancing protocols, policies, and technical safeguards to reduce the likelihood of similar incidents in the future. Catalyst is also offering impacted individuals complimentary identity protection services through IDX, which include credit and CyberScan monitoring, up to $1,000,000 in insurance reimbursement, and fully managed identity theft recovery services.

If you received a Notice of Data Event letter from Catalyst RCM regarding Vikor Scientific, it confirms that your personal information may have been involved in this cybersecurity incident.

What information is involved in the Catalyst RCM/Vikor Scientific Data Breach?

Compromised information may include:

Full Name

Information contained within explanation of benefits documents

Other Personally Identifiable Information (PII)

Your Personally Identifiable Information (PII) includes information that can be used to identify you. Companies that handle sensitive personal and health data are legally required to safeguard this information. When PII is exposed in a data breach, it can be used to commit identity theft, financial fraud, or other forms of misuse.

A specific subset of PII is Protected Health Information (PHI), which includes medical and diagnostic‑related data. PHI is protected under federal and state privacy laws, including HIPAA and related state statutes. When PHI is exposed, it can be used in combination with other identifying information to commit medical fraud, insurance fraud, and identity theft.

The exposure of personal identifiers, explanation of benefits information, and health‑related data significantly increases the risk of identity theft, fraudulent account creation, and unauthorized use of medical or insurance benefits.

If your information was involved in this data breach, it is important to carefully review your explanation of benefits, medical billing statements, credit reports, and financial account activity for suspicious charges or inconsistencies. Impacted individuals are encouraged to follow the instructions provided in the Catalyst notification letter regarding enrollment in complimentary IDX monitoring and identity protection services.

Residents of California benefit from enhanced privacy protections under the California Consumer Privacy Act (CCPA), which grants additional rights related to the collection, storage, and protection of personal information. California residents may also have additional legal remedies depending on the nature of the compromised data.

If you received a Notice of Data Event letter related to the Catalyst RCM / Vikor Scientific data breach, your personal, financial, and health‑related information may be at risk.

Contact the Data Breach Lawyers at Emery | Reddy, PC for a Free Case Review today.

Join the Data Breach Lawsuit

Learn more about your rights to
potential compensation.

Name(Required)
Upload your files here:
Drop files here or
Max. file size: 1 GB.
    Consent

    Prefer to speak with someone now?

    Call us at ⁨(206) 973-5298 for a Free Case Review.

    NOTICE: If you received a NOTICE OF DATA BREACH letter from Catalyst RCM/Vikor Scientific, contact Emery | Reddy, PC at 916.995.5968 for a Free Case Review.

    We Are
    Taking a Break!

    We will be closed:

    December 22 – 26

    We will reopen:

    December 29

    Please leave us a voicemail or submit your contact form and an experienced Intake Specialist will return your call when we reopen. Happy holidays!