Invacare International Holdings Corp.

In November 2025, Invacare International Holdings Corp., a leading manufacturer of medical equipment (e.g., wheelchairs, respiratory devices, and mobility aids), suffered a **ransomware attack** by the **RHYSIDA** group. The attackers claimed to have stolen sensitive personal data, including **names, addresses, dates of birth, Social Security numbers, health insurance details, medical records, and financial information**, from **thousands of current/former patients and employees**. They threatened to publish the stolen data on the dark web if their ransom demands were not met. The breach exposed highly confidential information, posing risks of **identity theft, financial fraud, and medical privacy violations**. The incident triggered legal investigations, with affected individuals urged to monitor credit reports, enroll in identity protection services, and seek compensation for damages such as emotional distress, lost time, and out-of-pocket expenses.

Source: https://www.claimdepot.com/investigations/invacare-data-breach-2025

Invacare U.S. cybersecurity rating report: https://www.rankiteo.com/company/invacare-us

"id": "inv1592415111025",
"linkid": "invacare-us",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Several thousand (current and '
                                              'former patients and employees)',
                        'industry': 'Medical Equipment Manufacturing & '
                                    'Distribution',
                        'location': 'Elyria, Ohio, USA',
                        'name': 'Invacare International Holdings Corp.',
                        'size': 'Large (global operations in North America, '
                                'Europe, and Asia Pacific)',
                        'type': 'Public Company'}],
 'attack_vector': 'Ransomware (likely phishing, exploit, or compromised '
                  'credentials)',
 'customer_advisories': ['Review and save notification letters.',
                         'Enroll in free credit monitoring/identity protection '
                         'if offered.',
                         'Monitor accounts for unauthorized activity.',
                         'Consider placing a fraud alert or credit freeze.',
                         'Seek legal assistance for potential compensation.'],
 'data_breach': {'data_encryption': 'Likely (ransomware attack implies '
                                    'encryption of systems)',
                 'data_exfiltration': 'Yes (claimed by RHYSIDA group)',
                 'number_of_records_exposed': 'Several thousand (exact number '
                                              'undisclosed)',
                 'personally_identifiable_information': ['Name',
                                                         'Address',
                                                         'Date of birth',
                                                         'Social Security '
                                                         'number',
                                                         'Health insurance '
                                                         'information',
                                                         'Medical records'],
                 'sensitivity_of_data': 'High (includes SSN, medical, and '
                                        'financial data)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Protected Health Information '
                                              '(PHI)',
                                              'Financial Information']},
 'date_detected': 'Early November 2025',
 'date_publicly_disclosed': 'November 4, 2025',
 'description': 'Invacare International Holdings Corp., a major manufacturer '
                'and distributor of medical equipment, was targeted by a '
                'ransomware attack in early November 2025. The attack was '
                'carried out by the RHYSIDA group, who claimed to have '
                'accessed and stolen sensitive personal data, including names, '
                'addresses, dates of birth, Social Security numbers, health '
                'insurance information, medical records, and financial '
                'information. The group threatened to publish the data on the '
                'dark web if their demands were not met within six to seven '
                'days. The breach is believed to affect several thousand '
                'current and former patients and employees.',
 'impact': {'brand_reputation_impact': 'High (potential loss of trust among '
                                       'patients and healthcare partners)',
            'data_compromised': ['Name',
                                 'Address',
                                 'Date of birth',
                                 'Social Security number',
                                 'Health insurance information',
                                 'Medical information',
                                 'Financial information'],
            'identity_theft_risk': 'High (due to exposure of PII and financial '
                                   'data)',
            'legal_liabilities': 'Potential lawsuits and compensation claims '
                                 'from affected individuals',
            'payment_information_risk': 'Moderate (financial information '
                                        'exposed)'},
 'initial_access_broker': {'data_sold_on_dark_web': 'Threatened (publication '
                                                    'if ransom unmet)',
                           'high_value_targets': ['Patient records',
                                                  'Employee data',
                                                  'Financial systems']},
 'investigation_status': 'Ongoing (class action investigation by Shamis & '
                         'Gentile P.A.)',
 'motivation': 'Financial (ransom demand)',
 'ransomware': {'data_encryption': 'Likely',
                'data_exfiltration': 'Yes',
                'ransomware_strain': 'RHYSIDA'},
 'recommendations': ['Enroll in credit monitoring and identity protection '
                     'services if offered.',
                     'Monitor financial statements for suspicious activity.',
                     'Place a fraud alert on credit reports.',
                     'Request free annual credit reports from major bureaus.',
                     'Seek legal counsel if affected to explore compensation '
                     'options.'],
 'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'}],
 'regulatory_compliance': {'legal_actions': 'Class action lawsuits under '
                                            'investigation by Shamis & Gentile '
                                            'P.A.',
                           'regulations_violated': ['Potential HIPAA '
                                                    'violations (health data '
                                                    'exposure)',
                                                    'State data breach '
                                                    'notification laws (e.g., '
                                                    'California Consumer '
                                                    'Privacy Act if '
                                                    'applicable)']},
 'response': {'communication_strategy': 'Notification letters to affected '
                                        'individuals (assumed), credit '
                                        'monitoring services offered '
                                        '(assumed)'},
 'threat_actor': 'RHYSIDA',
 'title': 'Invacare International Holdings Corp. Ransomware Attack (November '
          '2025)',
 'type': 'Ransomware Attack / Data Breach'}