Precipio Data Breach Exposes Sensitive Patient Information in Ransomware Attack
Precipio, Inc., a Connecticut-based healthcare biotechnology company specializing in cancer diagnostics, confirmed a data breach after an unauthorized user accessed an employee’s cloud storage account. The incident, detected on November 25, 2026, occurred nearly a year earlier on or around November 23, 2025 when files were illicitly copied.
The breach was attributed to INC RANSOM, a ransomware group that claimed responsibility on December 2, 2025, alleging the theft of 150 GB of Precipio’s data and posting details on the dark web. Precipio engaged third-party cybersecurity experts to investigate and notified federal law enforcement.
Exposed data included sensitive patient information such as:
- Names and addresses
- Medical record numbers and dates of birth
- Clinical and treatment details
- Medical procedure and prescription information
- Health insurance and provider data
Precipio, founded in 2011, operates a clinical laboratory and develops proprietary diagnostic tools like IV-Cell and HemeScreen, serving physicians and patients nationwide. The company employs roughly 70 people.
Affected individuals may be eligible for compensation, with law firm Shamis & Gentile P.A. investigating potential legal claims. The breach underscores the ongoing risks of ransomware attacks targeting healthcare data.
Source: https://www.claimdepot.com/investigations/precipio-data-breach-2026
Precipio, Inc. cybersecurity rating report: https://www.rankiteo.com/company/precipio-diagnostics
"id": "PRE1770197652",
"linkid": "precipio-diagnostics",
"type": "Ransomware",
"date": "11/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Patients nationwide',
'industry': 'Healthcare, Diagnostics',
'location': 'Connecticut, USA',
'name': 'Precipio, Inc.',
'size': '70 employees',
'type': 'Healthcare biotechnology company'}],
'attack_vector': 'Unauthorized access to employee’s cloud storage account',
'customer_advisories': 'Affected individuals may be eligible for compensation',
'data_breach': {'data_exfiltration': 'Yes',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High (sensitive patient information)',
'type_of_data_compromised': ['Names and addresses',
'Medical record numbers',
'Dates of birth',
'Clinical and treatment details',
'Medical procedure information',
'Prescription information',
'Health insurance data',
'Provider data']},
'date_detected': '2026-11-25',
'date_publicly_disclosed': '2025-12-02',
'description': 'Precipio, Inc., a Connecticut-based healthcare biotechnology '
'company specializing in cancer diagnostics, confirmed a data '
'breach after an unauthorized user accessed an employee’s '
'cloud storage account. The breach was attributed to INC '
'RANSOM, a ransomware group that claimed responsibility and '
'alleged the theft of 150 GB of Precipio’s data.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive patient '
'information',
'data_compromised': '150 GB of data',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential legal claims and regulatory fines'},
'initial_access_broker': {'data_sold_on_dark_web': 'Alleged posting on dark '
'web',
'entry_point': 'Employee’s cloud storage account'},
'investigation_status': 'Ongoing',
'motivation': 'Data theft and extortion',
'ransomware': {'data_exfiltration': 'Yes', 'ransomware_strain': 'INC RANSOM'},
'references': [{'source': 'Precipio Incident Disclosure'}],
'regulatory_compliance': {'legal_actions': 'Potential legal claims (Shamis & '
'Gentile P.A. investigating)'},
'response': {'law_enforcement_notified': 'Notified federal law enforcement',
'third_party_assistance': 'Engaged third-party cybersecurity '
'experts'},
'threat_actor': 'INC RANSOM',
'title': 'Precipio Data Breach Exposes Sensitive Patient Information in '
'Ransomware Attack',
'type': 'Ransomware'}