Ransomware Group: EVEREST

VICTIM NAME: PDI Health

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the EVEREST Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page publicly exposed sensitive information related to PDI Health, a healthcare service provider based in the United States. The breach was discovered on May 14, 2025, shortly after the attack occurred, indicating prompt detection. PDI Health specializes in mobile healthcare solutions such as COVID-19 testing, vaccinations, and mobile clinics, serving workplaces and communities to promote healthier environments. The leak appears to include confidential data associated with their operations, potentially impacting patient privacy and organizational integrity. The page features a screenshot showing internal content, emphasizing the severity of the breach, and hints at the distribution of leaked data, including possible files or information that could be exploited.

The leak was attributed to the cyber group “Everest,” and a claim URL hosting the leak is accessible via an anonymous dark web address. No specific compromised data or download links are provided in the available information, but the leak’s existence suggests that sensitive operational or patient-related data might be involved. The breach is significant given PDI Health’s role within the healthcare sector, raising concerns about potential privacy violations and data security breaches. The publicly shared screenshot indicates that internal documentation or organizational details have been compromised, underscoring the importance of cybersecurity measures for healthcare providers.