The World Leaks ransomware operation has claimed responsibility for an alleged cyberattack against Philadelphia-based nonprofit healthcare provider COMHAR, adding the organization to its leak site and threatening to publish purportedly stolen data.
According to the group’s listing, COMHAR is the latest organization to become the target of its double extortion campaign, where threat actors claim to steal sensitive information before demanding payment and threatening to release the data publicly if negotiations fail.
At the time of publication, COMHAR had not issued any public statement acknowledging a cybersecurity incident or confirming the ransomware group’s claims.
Healthcare nonprofit allegedly targeted
COMHAR is a nonprofit behavioral health and human services organization founded in 1975 that provides mental health, intellectual and developmental disability, substance use, residential, and family support services throughout the Philadelphia region. The organization says it serves more than 5,500 individuals each month through community, home, school, and residential programs.
The World Leaks leak site identifies COMHAR as a newly disclosed victim but does not publicly specify what information was allegedly stolen or the total volume of data purportedly exfiltrated. No sample files or proof of compromise were available at the time of publication.
As with other ransomware operations, World Leaks uses its leak portal to pressure organizations into paying ransom demands by threatening to publish allegedly stolen data. Listings on ransomware leak sites should be treated as unverified unless independently confirmed by the affected organization or supported by additional evidence.
No evidence of operational disruption
There is currently no public indication that COMHAR’s operations or patient services have been disrupted as a result of the alleged incident. Likewise, there is no independent confirmation that ransomware was deployed within the organization’s environment.
If the claims are legitimate, a compromise of a behavioral healthcare provider could expose highly sensitive information, potentially including patient records, treatment documentation, employee information, financial records, internal correspondence, and other confidential operational data. However, there is currently no evidence confirming what information, if any, was accessed or stolen.
Related ransomware activity
World Leaks has continued expanding its extortion campaign in recent weeks. Last month, the group claimed responsibility for a cyber incident affecting Tata Electronics, alleging it had stolen a 630 GB dataset after the company disclosed a cybersecurity incident. Read our coverage: Tata Electronics confirms cybersecurity incident as World Leaks claims publication of 630 GB dataset.
Healthcare organizations have also remained frequent ransomware targets. Recent incidents covered by BreachNews include Kazu Group’s claim against WELL Health Kensington and Kazu Group’s alleged theft of 6 million Yocale appointment records.
BreachNews will continue monitoring the incident for any public statement from COMHAR or additional evidence released by the ransomware operation regarding its claims.












