Back to Blog
high severity June 24, 2026 · scope unconfirmed

Quest Health Solutions Listed by anubis Ransomware Group

Employee data, internal files, and a few unexpected discoveries.

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed June 24, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On June 24, 2026, healthcare provider Quest Health Solutions appeared on the leak site of the anubis ransomware group, with the attackers claiming to have exfiltrated employee data and internal files.

Confirmed Details of the Breach

Public reporting indicates the incident began as a ransomware attack in which anubis gained access to Quest Health Solutions’ systems, exfiltrated files, and later listed the organization on its dark-web leak page. The exposed material includes employee records and a variety of internal documents. The precise number of people affected remains unknown, and the company has not yet issued a public statement detailing the volume or exact nature of the stolen data. Available reporting describes the leak as containing both routine business files and “a few unexpected discoveries,” though specifics have not been independently verified.

Why This Matters for You and Your Family

When a healthcare employer’s internal files are stolen, the information often includes personal details that can be used to target you or members of your household. Employee data frequently contains full names, dates of birth, Social Security numbers, home addresses, and contact information—exactly the building blocks criminals need to open accounts, file fraudulent tax returns, or impersonate you. Even if you no longer work at the affected organization, records from past employment can remain in backup systems for years. For families, a single breach can expose spouses, dependents, and sometimes children whose information appears in insurance or benefits files.

The Doxxing and Identity-Chain Risk

Stolen internal files rarely stay isolated. Once employee data reaches criminal marketplaces, it can be combined with usernames, email addresses, or passwords that surface in other breaches. This creates an identity chain: an attacker starts with your work email, finds it reused on a personal account, then uses that foothold to access banking, social media, or gaming profiles. The process can quickly escalate into full doxxing, where your home address, phone number, and family relationships are published. Credential leaks like this one cascade into account takeovers, especially for gaming accounts that often rely on the same email or password families have used for years.

Anubis Ransomware Group’s Known Activity

Public reporting attributes the attack to the anubis ransomware group. The group emerged in late 2024 and has since targeted organizations across healthcare, manufacturing, and professional services. Notable prior victims include mid-sized hospitals and logistics companies whose employee and client data appeared on the same leak site. Their typical playbook involves initial access through phishing or exploited remote desktop credentials, followed by exfiltration of sensitive files and deployment of ransomware. If payment is not received, anubis publishes samples of the stolen data and threatens full release, using both financial extortion and reputational pressure.

What to do

  • Run a DoxxScan to map every link between your handles, emails, phone numbers, and real identity, then use the no-subscription cleanup to remove what you can.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure of your information is caught in hours rather than months.
  • Rotate any password you used at Quest Health Solutions anywhere else it appears, and switch to 2FA through an authenticator app instead of text messages.
  • Cover the household with DoxxScan family protection that extends to dependents and children’s gaming accounts, which often chain back to the same addresses or parent emails.
  • Let remediation specialists handle takedown requests across data brokers and leak sites so you do not have to negotiate with threat actors yourself.

The incident shows how quickly a workplace data breach can reach your front door and your children’s online lives. Taking concrete steps now limits how far attackers can travel along the identity chain. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full household coverage that includes children’s gaming accounts. Starting that process today turns a reactive situation into managed protection for your family.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.