Healthcare IT vendor providing EHR, practice-management, and medical-data-management software (SaaS/hosted).
VirMedice, LLC, a healthcare IT vendor providing EHR and practice-management software, suffered a ransomware attack attributed to the PEAR group and discovered on September 16, 2025. Exposed data reportedly included names, Social Security numbers, dates of birth, home/street addresses, phone numbers, email addresses, and medical diagnoses. Because VirMedice hosts data for multiple provider clients, the breach carries downstream exposure. The affected-individual count is not officially confirmed; a DataBreach.com parse cited roughly 1,116,576 records. The breach is catalogued by DataBreach.com and ransomware trackers.
ObscureIQ assessment: High risk because the company may sit inside multiple clinical systems at once. Exposure can enable medical fraud, provider impersonation, ransomware targeting, and compromise of downstream healthcare clients.
Because VirMedice hosts EHR and practice-management data for multiple provider clients, a single breach can expose patients across many practices at once. The circulating data combined Social Security numbers, dates of birth, addresses, and medical diagnoses, an unusually complete bundle enabling identity theft, synthetic-identity and medical fraud, provider impersonation, and downstream compromise of the clinics that rely on VirMedice.
VirMedice, LLC is a U.S. healthcare technology company providing electronic health record (EHR), practice-management, and medical-data-management software to medical practices under SaaS and hosted deployment models. As a healthcare IT vendor, it stores protected health information on behalf of multiple provider clients, sitting inside their clinical and billing systems.
Healthcare IT resellers and managed cloud providers collect provider, patient, billing, infrastructure, and administrative records across electronic health record and practice-management deployments.
VirMedice discovered a ransomware incident on September 16, 2025, attributed to the PEAR group, which listed the company on its dark-web leak site. As a healthcare IT vendor holding data for multiple practices, the breach carries downstream exposure for its provider clients; the affected-individual count had not been officially confirmed. Class-action investigations followed.
Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.
Attribution and method are based on available breach intelligence. Reported attack vector: Ransomware / Extortion.
If you believe your information may be included:
VirMedice, LLC, a healthcare IT vendor providing EHR and practice-management software, suffered a ransomware attack attributed to the PEAR group and discovered on September 16, 2025. Exposed data reportedly included names, Social Security numbers, dates of birth, home/street addresses, phone…
Verified fields include Date of Birth, Email Address, Full Name, Medical Diagnosis, Phone Number, Physical Address, Social Security Number.
Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.
Every claim on this page is traceable. This breach draws on:
Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.
Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.
Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.
Request Consultation