Freedman Healthcare, a Massachusetts-based provider of health data systems and payment platforms, is reportedly the latest victim in a wave of ransomware attacks targeting the U.S. healthcare sector. The ransomware group World Leaks claims to have exfiltrated over 42,000 files—roughly 52.4GB of data—impacting a platform that supports 27 U.S. state public health departments and several nonprofit organizations.
Ransomware Attack Threatens Massive Volume of Health Data
The attack was made public via World Leaks’ victim site earlier this week. Freedman Healthcare has not officially confirmed the incident, but Cybernews reports that the gang has posted a countdown clock, hinting at a ransom deadline. If the company fails to comply, the stolen data could be released publicly, following the group’s usual extortion tactics.
The attackers claim they have gained access to:
- Over 42,000 sensitive electronic health files
- A total of 52.4GB of exfiltrated data
- Unconfirmed volumes of Medicaid and commercial insurance claim data
As of now, no file samples have been leaked. Freedman Healthcare has not issued a public statement, and requests for comment remain unanswered.
Who Is Freedman Healthcare and Why It Matters
Freedman Healthcare is deeply embedded in state-level public health systems. According to its own website, the firm designs and maintains integrated health data platforms for state health departments and nonprofit agencies across the country.
Their services include managing:
- Medicaid and commercial claims data
- Social determinants of health datasets
- Healthcare workforce and policy initiatives
- Payment and data-sharing systems for public programs
States listed as clients include Colorado, Connecticut, Hawaii, Ohio, Rhode Island, and Tennessee.
The nature of Freedman’s data systems suggests that millions of Americans’ personal health data may be at risk, depending on what was stored or processed on the affected servers.
World Leaks: A New Face of a Familiar Threat
The attack was attributed to World Leaks, a relatively new “extortion-as-a-service” platform launched in January 2025. Though recently branded, World Leaks is linked to the Russian-speaking ransomware group Hunters International.
Hunters International was originally known for traditional double-extortion tactics. But after mounting law enforcement pressure, particularly from the FBI, the group pivoted toward a platform model. According to Group-IB and Lexfo, World Leaks shares infrastructure, design, and targeting behaviors with its parent group.
The platform operates:
- A main leak site for data exposure
- A ransom negotiation portal
- An insider access channel for journalists
- An affiliate panel for cybercriminal collaborators
Despite announcing the closure of the project in April, both World Leaks and Hunters International appear to remain active, continuing campaigns largely aimed at U.S. healthcare and real estate sectors.
Notable past victims of Hunters International include Tata Technologies and the Benetton Group.
Threat Landscape Escalates for Public Health Sector
This attack is part of a wider surge in ransomware incidents targeting healthcare infrastructure in North America. With extensive regulatory obligations and the need for 24/7 operations, public health platforms are highly vulnerable—and highly valuable—to cybercriminals.
Health data platforms like Freedman Healthcare sit at the intersection of government, insurance, and personal health records. That makes any security breach not just a technical failure but a national privacy risk.
Public Health Systems and the Cost of Downtime
When platforms that manage Medicaid claims, public health reporting, or insurance reconciliation go offline, the effects are immediate and severe. The risk isn’t just data leakage—it’s disruption of care, delayed reimbursements, and exposure of social vulnerability data.
For government agencies, nonprofits, and any firm managing regulated health data, resilience is no longer optional.