Precipio, Inc., a cancer diagnostics firm, recently confirmed a significant data breach after an unauthorized party gained access to an employee’s cloud storage account. The incident, linked to the INC RANSOM group, resulted in the theft of 150 gigabytes of sensitive data including personal identification and private medical records.
Precipio first identified the security lapse on November 25, 2026, when they noticed unusual activity within a corporate cloud-based storage system. After launching a forensic investigation alongside outside cybersecurity specialists, the company determined that the actual breach had taken place nearly a year earlier, around November 23, 2025. During this window of unauthorized access, the intruder successfully copied various internal files and moved them off-site.
The responsibility for the cyberattack was claimed by a known ransomware collective identified as INC RANSOM. On December 2, 2025, the group listed Precipio on its dark web leak site, asserting that they had exfiltrated approximately 150 gigabytes of data. This specific timing and method suggest the company was a deliberate target in a broader ransomware campaign aimed at healthcare and diagnostic entities.
An analysis of the stolen files revealed a vast array of sensitive information pertaining to patients and clients. The compromised data included basic identifiers like names, physical addresses, and dates of birth, alongside deeply personal clinical details. Specific medical record numbers, provider names, treatment history, prescription details, and comprehensive health insurance information were all found to be part of the unauthorized data set.
The impact of the breach is considered high risk because it involves both personally identifiable information and protected health records, which are highly valued by identity thieves. While the diagnostics firm has not yet provided a specific count of the individuals affected by this leak, the depth of the medical data exposed has led experts to categorize the event as a severe security failure.
In response to the discovery and subsequent investigation, the company has officially acknowledged the situation to the public. They have posted a formal notice of the security incident on their corporate website to inform stakeholders and those whose data may have been compromised. This notification serves as part of their regulatory requirements following the unauthorized disclosure of private health information.
Source: Precipio Data Breach Exposes 150 GB Of Sensitive PHI And PII
Solid breakdown. The nearly year-long undetected access window before discovery is the real issue here, it shows how advanced persistent threats can operate under the radar even in healthcare environments. The 150GB of PHI/PII combintaion is basically an identity theft goldmine. I've seen similar delayed detection in smaller clinics but not usually at this scale from diagnostics firms.