Balance Diagnostics 2025 Data Breach

Balance Diagnostics Imaging Services Breach (2025): Patient SSN & Home Address Exposed | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

EverestRansomwareMedicalEmail AddressPhone NumberPhysical AddressSocial Security Number
High SeverityWebsite / service breach

Balance Diagnostics Imaging Services Breach (2025): Patient SSN & Home Address Exposed

Diagnostics and imaging services provider.

Verified by ObscureIQ Intelligence
75/100Breach Risk Index
27Data Value
40Market Recency
287dSince Breach

Breach Intelligence Summary

Entity: Balance Diagnostics · Actor: Everest · Sources: 2 references
Attack: Ransomware
Profile: Healthcare provider · Diagnostic and testing services · Medical services provider · USA
Timeline: Breach (2025-05-06) · Indexed (Jul 14, 2025) · Year (2025)
Exposure: 26K records · 4 fields: Email Address, Phone Number, Physical Address, Social Security Number
Status: Reported

Executive Summary

Balance Diagnostics, a medical imaging provider based in Cedarhurst, New York, was attacked on May 6, 2025 by the Everest ransomware operation. Initial samples of stolen data appeared on Everest's dark-web leak page immediately after the incident. The full cache, containing approximately 31,000 records, was released publicly on June 18, 2025 after ransom demands went unmet.\n\nThe breach affected approximately 26,000 individuals based on the records indexed by breach-tracking services. Compromised fields included names, email addresses, phone numbers, home addresses, and Social Security numbers. As a medical imaging provider, the underlying records exfiltrated by the attackers also include diagnostic imaging studies, referring-physician details, billing records, and insurance information typical of an outpatient radiology operation.\n\nFor affected patients, the practical risk profile combines identity-fraud exposure with medical-imaging-specific risks. The combination of name, address, and Social Security number is a strong base for synthetic identity fraud and fraudulent credit applications. Inclusion in the dataset confirms a diagnostic-imaging relationship and likely identifies the referring physician, which can support medical-themed phishing referencing real imaging studies, results, or insurance disputes. Affected patients should freeze credit at all three U.S. bureaus, monitor health-insurance statements for unfamiliar imaging or diagnostic charges, and treat unsolicited contact referencing Balance Diagnostics, imaging studies, or referring physicians with caution.

ObscureIQ assessment: High risk of identity theft, medical fraud, and privacy harm. Test-related healthcare data can also support targeted scams exploiting health concerns or treatment status.

Breach Impact

The institutional impact on Balance Diagnostics is meaningful given the practice's regional scale relative to the breach. Federal HIPAA notification obligations, an Office for Civil Rights review, attorney-general filings, and active class-action investigations are all underway. The Everest gang's release of the full dataset rather than holding it in private extortion creates direct evidence of broad data exposure and strengthens future litigation. Operationally, the practice continues to provide imaging services. Reputational exposure is concentrated within the regional referring-physician network, where breach handling can affect referral relationships and ongoing patient acquisition.

About Balance Diagnostics

Balance Diagnostics is a U.S.-based medical imaging and diagnostics services provider, headquartered in Cedarhurst, New York. The company offers medical imaging services typical of a regional outpatient diagnostic provider, including radiology, ultrasound, and related testing services for referring physicians and patients. As a HIPAA-regulated healthcare provider, Balance Diagnostics maintains patient identity, contact, insurance, billing, and diagnostic-imaging records, alongside referral relationships with primary care and specialty practices across its service area. Patient relationships are typically transactional and tied to specific referrals rather than long-term care, which influences how the practice handles longitudinal records.

Why They Hold Your Data

Diagnostic and testing providers collect patient identity, contact, insurance, billing, appointment, and test-related medical records across clinical and administrative workflows.

Recent Developments

Balance Diagnostics was attacked on May 6, 2025 by the Everest ransomware gang. Initial data samples appeared on dark-web leak pages immediately after the incident, and the full dataset of approximately 31,000 records was released on June 18, 2025 after ransom demands went unmet. The practice has not publicly disclosed extensive operational detail about the incident as of this writing. The Everest gang has been an active extortion group throughout 2024 and 2025 with multiple healthcare-sector victims. Class-action investigations by U.S. plaintiff law firms followed the dataset release in mid-2025. HHS Office for Civil Rights review obligations apply.

Data Points Exposed

4 verified field types
Email Address
Phone Number
Physical Address High
Social Security Number Critical

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:High
Primary downstream threats:
  • Identity theft and synthetic identity construction using government-issued IDs
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
Threat vectors:
  • Phishing, credential stuffing & account takeover
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat
  • Full identity theft & synthetic identity fraud

Threat Actor: Everest

Everest
Ransomware

Attribution and method are based on available breach intelligence. Reported attack vector: Ransomware.

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
IdentityTheft.gov
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Balance Diagnostics breach?

Balance Diagnostics, a medical imaging provider based in Cedarhurst, New York, was attacked on May 6, 2025 by the Everest ransomware operation. Initial samples of stolen data appeared on Everest's dark-web leak page immediately after the incident. The full cache, containing approximately 31,000…

What data was exposed?

Verified fields include Email Address, Phone Number, Physical Address, Social Security Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation