542,377
Centers Laboratory (Centers Lab NJ LLC), a healthcare testing and diagnostics provider, has officially disclosed a data breach that has impacted 542,377 individuals. According to a filing with the U.S. Department of Health and Human Services, the incident was discovered in August 2025 and involved unauthorized access to the company's IT environment. The threat actors exfiltrated a significant amount of sensitive data, including Social Security numbers and protected health information (PHI). The WorldLeaks extortion group has claimed responsibility for the attack, adding Centers Lab to its data leak site and alleging the theft of 720 GB of data.
The incident is a classic data breach and extortion scenario targeting the healthcare sector, which is a high-value target due to the sensitive nature of the data it holds.
Details on the initial access vector have not been disclosed. However, the investigation revealed that threat actors had access to Centers Laboratory's systems for approximately five days. During this window, they were able to navigate the network and exfiltrate large quantities of data.
The compromised data includes a wide range of Personal Identifiable Information (PII) and Protected Health Information (PHI):
The WorldLeaks group's claim of stealing 720 GB across 1.6 million files suggests a large-scale, indiscriminate data grab from file servers or databases within the laboratory's network.
T1213 - Data from Information Repositories: The attackers accessed and stole data from the company's core data stores.T1048 - Exfiltration Over Alternative Protocol: The method used to transfer 720 GB of data out of the network.T1486 - Data Encrypted for Impact: While not explicitly stated, groups like WorldLeaks often combine data theft with ransomware (double extortion).T1657 - Financial Theft: The ultimate goal of the extortion.The impact on the 542,377 affected individuals is severe and long-lasting. The combination of PII and PHI is a toxic cocktail that can be used for a variety of malicious purposes:
For Centers Laboratory, the impact includes significant costs for incident response, legal fees, regulatory fines under HIPAA, and long-term reputational damage.
No specific file hashes, IP addresses, or domains were provided in the source articles.
To detect similar data breaches, organizations should monitor for signs of large-scale data staging and exfiltration:
*.zip, *.rar, *.7zrclone.exe, megacmd.exeEncrypt sensitive data at rest to ensure that even if exfiltrated, it remains unreadable without the decryption keys.
Isolate networks containing PHI/PII from less secure parts of the corporate network to limit the blast radius of a compromise.
Use DLP and network analysis tools to detect and block large-scale data exfiltration attempts in real-time.
Enforce the principle of least privilege to ensure user and service accounts cannot access data beyond their specific job function.
Threat actors gain access to Centers Laboratory's IT environment.
Threat actor access to the network ends.
Centers Laboratory discovers the security breach.
The WorldLeaks group lists Centers Laboratory on its dark web leak site.
The company formally reports the breach to regulators and begins notifying victims.

Cybersecurity professional with over 10 years of specialized experience in security operations, threat intelligence, incident response, and security automation. Expertise spans SOAR/XSOAR orchestration, threat intelligence platforms, SIEM/UEBA analytics, and building cyber fusion centers. Background includes technical enablement, solution architecture for enterprise and government clients, and implementing security automation workflows across IR, TIP, and SOC use cases.
CyberNetSec.io uses automation to assist source monitoring, deduplication, observable extraction, and structured intelligence generation. Published analysis follows human-defined editorial standards and adds defensive context including MITRE ATT&CK, D3FEND, STIX, and Sigma where applicable. Read our editorial policy.
Help others stay informed about cybersecurity threats
Every tactic, technique, and sub-technique used in this threat has been identified and mapped to the MITRE ATT&CK framework for consistent, actionable threat language.
Observables and indicators of compromise (IOCs) have been extracted and cataloged. Risk has been assessed and correlated with known threat actors and historical campaigns.
Detection rules, incident response steps, and D3FEND-aligned mitigation strategies are included so your team can act on this intelligence immediately.
Structured threat data is packaged as a STIX 2.1 bundle and can be visualized as an interactive graph — relationships between actors, malware, techniques, and indicators.
Sigma detection rules are derived from the threat techniques in this article and can be converted for deployment across any major SIEM or EDR platform.