The ransomware gang PEAR claimed responsibility for a data breach at Think Big Health Care Solutions, compromising extensive personal and sensitive information. The stolen data includes names, Social Security numbers, tax ID numbers, passport numbers, addresses, dates of birth, phone numbers, email addresses, health insurance details, bank account numbers, credit and debit card information, medical records, and more. PEAR allegedly stole 60 GB of data and posted samples to prove the breach. Think Big confirmed suspicious activity involving an employee’s email account but has not verified the full extent of the breach. The company is offering affected individuals free credit monitoring and identity theft protection.
TPRM report: https://www.rankiteo.com/company/think-big-health-care-solutions
"id": "thi358080725",
"linkid": "think-big-health-care-solutions",
"type": "Ransomware",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Healthcare',
'location': 'Florida, USA',
'name': 'Think Big Health Care Solutions',
'type': 'Healthcare Management Company'}],
'attack_vector': 'Email account compromise',
'customer_advisories': 'Breach notice letters sent to victims',
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal Information',
'Financial Information',
'Medical Information']},
'date_detected': '2025-06-20',
'description': 'Ransomware gang PEAR took credit for a June 2025 data breach '
'at Think Big Health Care Solutions, an enterprise healthcare '
'management company in Florida. The breach compromised '
'extensive personal and medical information, with PEAR '
'claiming to have stolen 60 GB of data.',
'impact': {'brand_reputation_impact': 'High',
'data_compromised': ['Names',
'Social Security numbers',
'Tax ID numbers',
'Passport numbers',
'Addresses',
'Dates of birth',
'Phone numbers',
'Email addresses',
'Web URLs',
'Health insurance policy numbers',
'Bank account numbers',
'Routing numbers',
'Credit and debit card numbers',
'CVVs',
'Expiration dates',
'Medical info including diagnoses, '
'conditions, lab results, medications',
'Claims info',
'Medical record numbers',
'CPT codes',
'Referring providers'],
'identity_theft_risk': 'High',
'payment_information_risk': 'High'},
'initial_access_broker': {'entry_point': 'Employee’s email account'},
'investigation_status': 'Ongoing',
'motivation': 'Extortion, Data Theft',
'ransomware': {'data_exfiltration': True, 'ransomware_strain': 'PEAR'},
'references': [{'source': 'Comparitech'}],
'response': {'communication_strategy': 'Breach notice letters to victims',
'incident_response_plan_activated': True,
'third_party_assistance': 'Haystack ID (for credit monitoring '
'and identity theft protection)'},
'threat_actor': 'PEAR (Pure Extraction and Ransom)',
'title': 'Ransomware Attack on Think Big Health Care Solutions',
'type': 'Data Breach, Ransomware'}