Freedman Healthcare, a Massachusetts-based health data firm, has reportedly suffered a ransomware attack. The assault is linked to World Leaks, a newer extortion group tied to the former Hunter’s International ransomware collective.

The firm provides critical data infrastructure to over 27 U.S. state health departments, non-profits, and insurance providers. Attackers claim to have stolen more than 42,000 sensitive files, totaling 52.4GB of data, according to the hackers’ public leak site. A countdown clock has been posted, pressuring the company to meet an undisclosed ransom demand before the data is made public.

Health Systems in 27 States at Risk

Freedman Healthcare helps government agencies manage public health data systems across states like Colorado, Hawaii, Ohio, and Rhode Island. The company’s platform integrates data from Medicaid, commercial insurance, workforce programs, and social health records.

According to its website, the platform processes and manages highly sensitive personal health information. These include claims, non-claims payments, and social determinants of health. If the hackers’ claims are accurate, this breach may expose millions of Americans’ private health records.

So far, no sample data has been published by World Leaks. However, the group’s history suggests it may leak the files if the ransom is not paid.

World Leaks: A New Face of Old Threats

Launched in January 2025, World Leaks is believed to be a rebranded version of Hunter’s International. This earlier group had ties to Russian operators and focused heavily on healthcare and real estate victims in North America.

Group-IB analysts say the group moved away from traditional ransomware due to FBI pressure and profitability concerns. Despite announcing a closure in April, both World Leaks and Hunter’s International appear to be active.

World Leaks now runs a multi-platform operation that includes leak publishing, ransom negotiation, an insider news site, and an affiliate panel. Their interface and tactics closely mirror those of Hunter’s International, hinting at shared infrastructure or personnel.

Victims linked to these groups include Tata Technologies and the Benetton Group. With the attack on Freedman Healthcare, World Leaks is continuing its focus on high-value, health-related targets.