Ikron Corp. Discloses Dual Ransomware Attack Affecting 11,845 Individuals
Ikron Corp., a nonprofit providing behavioral health, employment, and education services in Cincinnati, Ohio, and Seattle, Washington, reported a data breach impacting 11,845 individuals across the U.S. The incident, disclosed to the U.S. Department of Health and Human Services on May 4, 2026, stemmed from a ransomware attack detected in February 2026, though the initial intrusion occurred on December 23, 2025.
An investigation revealed two separate unauthorized parties accessed Ikron Corp.’s systems. The first extracted administrative and employment-related data, including records of current and former employees. A second intrusion, discovered on March 4, 2026, targeted the organization’s electronic health records, exposing protected health information (PHI) such as clinical notes, diagnoses, treatment plans, and insurance details. Additional compromised data included vocational service records, intake assessments, and program participation files.
On March 28, 2026, the ransomware group Exitium claimed responsibility, asserting it had exfiltrated 278 GB of data and threatened to publish it within days.
Exposed information included:
- Personally identifiable information (PII): Names, addresses, dates of birth, Social Security numbers, and driver’s license numbers.
- Protected health information (PHI): Medical histories, diagnoses, treatment plans, medication details, and insurance data.
- Vocational and employment records: Intake forms, service notes, education history, and program participation details.
Ikron Corp. is notifying affected individuals as they are identified and offering 12 months of complimentary credit monitoring. The organization has established a dedicated helpline for impacted individuals seeking further assistance.
Source: https://www.claimdepot.com/data-breach/ikron-corporation-2026
IKRON CORPORATION cybersecurity rating report: https://www.rankiteo.com/company/ikron-corporation
"id": "IKR1780528336",
"linkid": "ikron-corporation",
"type": "Ransomware",
"date": "12/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': '11,845',
'industry': 'Behavioral health, Employment, Education',
'location': 'Cincinnati, Ohio; Seattle, Washington',
'name': 'Ikron Corp.',
'type': 'Nonprofit'}],
'customer_advisories': '12 months of complimentary credit monitoring, '
'Dedicated helpline',
'data_breach': {'data_exfiltration': 'Yes',
'number_of_records_exposed': '11,845 individuals',
'personally_identifiable_information': ['Names',
'Addresses',
'Dates of birth',
'Social Security '
'numbers',
'Driver’s license '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally identifiable '
'information (PII)',
'Protected health information '
'(PHI)',
'Vocational and employment '
'records']},
'date_detected': '2026-02-01',
'date_publicly_disclosed': '2026-05-04',
'description': 'Ikron Corp., a nonprofit providing behavioral health, '
'employment, and education services, reported a data breach '
'impacting 11,845 individuals across the U.S. The incident '
'stemmed from a ransomware attack detected in February 2026, '
'with initial intrusion occurring on December 23, 2025. Two '
'separate unauthorized parties accessed Ikron Corp.’s systems, '
'extracting administrative, employment-related data, and '
'protected health information (PHI). The ransomware group '
'Exitium claimed responsibility and threatened to publish 278 '
'GB of exfiltrated data.',
'impact': {'data_compromised': '278 GB',
'identity_theft_risk': 'High',
'systems_affected': 'Electronic health records, administrative and '
'employment systems'},
'investigation_status': 'Ongoing',
'motivation': 'Financial gain, Data exfiltration',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'Exitium'},
'references': [{'source': 'U.S. Department of Health and Human Services'}],
'regulatory_compliance': {'regulations_violated': ['HIPAA'],
'regulatory_notifications': 'U.S. Department of '
'Health and Human '
'Services'},
'response': {'communication_strategy': 'Dedicated helpline, Notifications to '
'affected individuals'},
'threat_actor': 'Exitium',
'title': 'Ikron Corp. Discloses Dual Ransomware Attack Affecting 11,845 '
'Individuals',
'type': 'Ransomware'}