Executive Summary
Centers Laboratory, a healthcare diagnostics provider based in Cedar Knolls, New Jersey, experienced a significant data breach affecting approximately 540,000 individuals. The breach occurred between August 9 and August 14, 2025, when an unauthorized actor accessed and exfiltrated sensitive personal and health information from the company’s systems. The incident was discovered on August 25, 2025, and publicly disclosed on June 18, 2026, following notification to the Vermont Attorney General and other regulatory bodies. The compromised data includes names, dates of birth, Social Security numbers, government-issued identification numbers, health insurance information, and medical records. The threat actor known as Worldleaks claimed responsibility for the breach and reportedly leaked the data on the Tor dark web network. Centers Laboratory has advised affected individuals to monitor their financial and health accounts for suspicious activity and has established a dedicated support line for inquiries. Regulatory investigations are ongoing, and the breach has triggered mandatory reporting under HIPAA and state data protection laws. No technical indicators of compromise have been published as of June 2026.
Technical Information
The Centers Laboratory breach was characterized by unauthorized access and data exfiltration over a five-day period in August 2025. The attack vector has not been explicitly disclosed, but sector analysis and threat actor profiling suggest the use of compromised credentials or insider access, which are common in healthcare sector breaches. The threat actor, Worldleaks, is associated with data-extortion and ransomware operations, although there is no direct evidence of ransomware deployment or encryption in this incident. The breach was discovered through internal review and confirmed by third-party digital forensics specialists. The exfiltrated data set reportedly included patient test records, laboratory reports, employee and staff information, diagnostic data, and internal operational files. The types of personally identifiable information (PII) and protected health information (PHI) exposed were extensive, encompassing names, dates of birth, Social Security numbers, driver’s license or state identification numbers, passport numbers, health insurance information, and medical information. The breach was publicly claimed by Worldleaks on October 6, 2025, via a posting on the Tor dark web network, which increased the risk of further criminal exploitation of the stolen data. Centers Laboratory’s response included notification to affected individuals, establishment of a dedicated call center, and recommendations for credit monitoring and vigilance against identity theft and fraud. The incident has been reported to multiple state attorneys general and the U.S. Department of Health & Human Services Office for Civil Rights, as required by HIPAA.
Affected Versions & Timeline
The breach affected Centers Laboratory’s core information systems, including databases containing patient, employee, and operational data. The unauthorized access and data exfiltration occurred between August 9 and August 14, 2025. The breach was discovered on August 25, 2025, and publicly disclosed on June 18, 2026. The threat actor’s claim and data leak were posted on the Tor dark web network on October 6, 2025. The affected data includes records collected and maintained by Centers Laboratory during the period leading up to the breach. There is no evidence that specific software versions or products were exploited, and no technical vulnerabilities have been publicly identified.
Threat Activity
The threat actor identified as Worldleaks is known for targeting healthcare and laboratory organizations with data-extortion and ransomware tactics. In this incident, Worldleaks claimed responsibility for the breach and published the stolen data on the Tor dark web network. The group’s modus operandi typically involves exfiltration of sensitive data, followed by extortion attempts and public disclosure if demands are not met. While there is no direct evidence of ransomware deployment in the Centers Laboratory breach, the pattern of activity is consistent with other sector incidents attributed to Worldleaks and similar groups. The healthcare sector remains a high-value target due to the sensitivity of PHI and the operational impact of data loss or disruption. Regulatory filings and sector analysis confirm that the breach is part of a broader trend of attacks on U.S. healthcare providers between 2024 and 2026.
Mitigation & Workarounds
Centers Laboratory has recommended that affected individuals remain vigilant for signs of identity theft and fraud by monitoring account statements, explanation of benefits statements, and free credit reports for suspicious or unauthorized activity. The company has established a dedicated support line for breach-related inquiries. From a technical perspective, organizations in the healthcare sector should prioritize the following mitigation strategies, ranked by severity:
Critical: Implement robust access controls and multi-factor authentication to prevent unauthorized access to sensitive systems and data. Conduct regular audits of user accounts and privileges, and monitor for anomalous access patterns.
High: Engage third-party digital forensics specialists immediately upon detection of suspicious activity. Ensure timely notification to regulatory authorities and affected individuals in accordance with HIPAA and state data breach laws.
Medium: Provide ongoing security awareness training to employees, emphasizing phishing prevention and secure handling of credentials. Regularly update and patch all systems to address known vulnerabilities.
Low: Encourage affected individuals to utilize credit monitoring services and consider placing fraud alerts or credit freezes with major credit bureaus.
Indicators of Compromise
No public indicators of compromise (IOCs) were available at the time of writing. Organizations should continue to monitor threat intelligence feeds and regulatory disclosures for any updates.
References
Claim Depot, "Centers Laboratory Data Breach: Driver's Licenses, SSNs, and More Exposed," Published June 23, 2026, https://www.claimdepot.com/data-breach/centers-laboratory-2026
U.S. Department of Health & Human Services - Office for Civil Rights, Breach Portal, Accessed June 2026, https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
HIPAA Journal, "Laboratory Services Cooperative Breach Impacts 1.6 Million People," Posted April 11, 2025, https://www.hipaajournal.com/laboratory-services-cooperative-data-breach/
Blackpoint Cyber, "World Leaks Ransomware" (summary only), https://blackpointcyber.com/threat-profile/world-leaks-ransomware/
About Rescana
Rescana provides a third-party risk management (TPRM) platform designed to help organizations identify, assess, and monitor cybersecurity risks in their vendor ecosystem. Our platform enables continuous monitoring of vendor security posture, automated risk assessments, and streamlined incident response workflows. These capabilities support healthcare organizations in meeting regulatory requirements and reducing the risk of data breaches involving sensitive information.
We are happy to answer questions at info@rescana.com.



