On November 4, 2025, Invacare International Holdings Corp., a medical device manufacturer, fell victim to a RHYSIDA ransomware attack. The attackers breached the company’s systems, encrypted critical files, and exfiltrated sensitive data, including personally identifiable information (PII) and protected health information (PHI) such as names, addresses, Social Security numbers, financial details, and health records of patients, clients, and employees. The ransomware group threatened to publicly release the stolen data within six to seven days if their demands were not met.The breach poses severe risks, including identity theft, financial fraud, and reputational damage, given the sensitive nature of the exposed data. Invacare has not yet disclosed the full scope of affected individuals or organizations but is collaborating with cybersecurity experts and law enforcement to investigate and mitigate the incident. Affected parties are advised to monitor financial accounts, watch for phishing attempts, and consider credit freezes. The company may offer credit monitoring or identity theft protection as part of its response.
Source: https://www.claimdepot.com/data-breach/invacare-2025
TPRM report: https://www.rankiteo.com/company/invacare-us
"id": "inv2192521111025",
"linkid": "invacare-us",
"type": "Ransomware",
"date": "5/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'medical device manufacturing and '
'distribution',
'name': 'Invacare International Holdings Corp.',
'type': 'corporation'}],
'customer_advisories': ['Review notices from Invacare or medical providers.',
'Monitor financial accounts and credit reports.',
'Watch for phishing emails referencing Invacare.',
'Change passwords for potentially affected accounts.',
'Consider fraud alerts or credit freezes if data was '
'shared with Invacare.',
'Utilize credit monitoring or identity theft '
'protection if offered.'],
'data_breach': {'data_encryption': True,
'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'high (includes PII and PHI)',
'type_of_data_compromised': ['personally identifiable '
'information (PII)',
'protected health information '
'(PHI)',
'names',
'addresses',
'email addresses',
'Social Security numbers',
'financial information',
'health information']},
'date_detected': '2025-11-04',
'date_publicly_disclosed': '2025-11-04',
'description': 'On Nov. 4, 2025, the RHYSIDA ransomware group claimed '
'responsibility for a cyberattack targeting Invacare '
'International Holdings Corp., a medical device manufacturing '
'and distribution company. The group breached Invacare’s '
'systems, encrypted critical files, and exfiltrated sensitive '
'organizational data, including personally identifiable '
'information (PII) and protected health information (PHI). The '
'attackers threatened to publicly release the stolen data '
'within six to seven days unless ransom demands were met. The '
'breach was first reported on the Tor network, and its '
'severity is classified as high due to the risk of identity '
'theft and fraud.',
'impact': {'brand_reputation_impact': 'high (risk of identity theft and fraud '
'due to public data release threat)',
'data_compromised': ['personally identifiable information (PII)',
'protected health information (PHI)',
'names',
'addresses',
'email addresses',
'Social Security numbers',
'financial information',
'health information'],
'identity_theft_risk': 'high',
'payment_information_risk': 'high'},
'investigation_status': 'ongoing (engaging with cybersecurity experts and law '
'enforcement)',
'motivation': 'financial extortion',
'ransomware': {'data_encryption': True,
'data_exfiltration': True,
'ransomware_strain': 'RHYSIDA'},
'recommendations': ['Review any notice or communication from Invacare or '
'medical providers.',
'Monitor financial accounts and credit reports for '
'unusual activity.',
'Be alert for phishing emails or suspicious '
'communications referencing Invacare or personal '
'information.',
'Change passwords for accounts overlapping with Invacare '
'services.',
'Consider placing a fraud alert or credit freeze with '
'major credit bureaus if personal or financial data was '
'shared with Invacare.',
'Take advantage of credit monitoring or identity theft '
'protection services if offered by Invacare.'],
'references': [{'date_accessed': '2025-11-04',
'source': 'Dark web post by RHYSIDA ransomware group (Tor '
'network)'}],
'regulatory_compliance': {'regulatory_notifications': 'state and federal '
'disclosures '
'(expected)'},
'response': {'communication_strategy': ['notifying impacted individuals by '
'mail',
'making required state and federal '
'disclosures',
'potential credit monitoring or '
'identity theft protection services '
'for affected parties'],
'incident_response_plan_activated': True,
'law_enforcement_notified': True,
'third_party_assistance': 'cybersecurity experts'},
'threat_actor': 'RHYSIDA ransomware group',
'title': 'RHYSIDA Ransomware Attack on Invacare International Holdings Corp.',
'type': 'ransomware attack'}