The Everest ransomware group has allegedly added UK-based addiction treatment provider Rehab Clinics Group Ltd to its leak site, claiming to possess sensitive patient communications, medical disclosures, and voice recordings tied to individuals seeking rehabilitation services.
According to the leak listing, the ransomware group claims it compromised the organization’s info@action-rehab.com mailbox and exfiltrated more than 14,000 email messages allegedly containing names, phone numbers, IP addresses, and detailed communications from individuals seeking treatment for drug and alcohol addiction.
The alleged leak also reportedly includes 179 audio recordings totaling more than 6 hours of conversations involving vulnerable clients discussing addiction treatment, detox requests, mental health struggles, and personal family circumstances.
At time of publication, BreachNews could not independently verify the authenticity or scope of the allegedly stolen data.
Addiction-treatment data carries elevated sensitivity
The listing claims the exposed communications contain highly sensitive special-category personal data involving substance dependency, mental health conditions, family information, financial hardship, and criminal history disclosures.
Healthcare and rehabilitation providers remain frequent ransomware targets because they routinely store confidential patient records, intake assessments, medical histories, and crisis communications that can create significant extortion pressure when exposed publicly.
The incident also reflects the continued expansion of ransomware operations into healthcare-adjacent organizations handling emotionally sensitive communications and long-term patient support services.
Everest has previously been linked to extortion campaigns targeting organizations across healthcare, engineering, logistics, manufacturing, and financial services sectors, including a recent wave of financial-sector extortion claims involving Citizens Bank and other enterprise targets.
Public confirmation remains absent
No public statement from Rehab Clinics Group Ltd regarding the alleged incident had been identified at time of publication.
Likewise, there is currently no public evidence confirming whether any systems were encrypted, whether negotiations occurred, or whether affected individuals were notified.
While established ransomware leak-site listings can indicate a real intrusion occurred, such claims do not independently verify the authenticity, completeness, or sensitivity of allegedly stolen files.
BreachNews is not reproducing patient excerpts or alleged voice recordings due to the highly sensitive nature of the claimed data.
