Back to Blog
high severity April 21, 2026 · scope unconfirmed

ViaQuest Listed by anubis Ransomware Group

Large-scale data breach at a care provider for seriously ill patients.

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed April 21, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On April 21, 2026, ViaQuest, a care provider supporting seriously ill patients, was listed on the leak site of the anubis ransomware group. The organization confirmed that internal files had been exfiltrated during a ransomware attack, exposing data that could affect patients, employees, and their families.

Confirmed Facts from Reporting

Public reporting indicates ViaQuest provides care services to individuals with serious illnesses. The anubis ransomware group added the company to its leak site on April 21, 2026, claiming to have stolen internal files. Available reporting describes the incident as a ransomware attack involving both encryption and data exfiltration, though the exact number of individuals affected remains unknown. The exposed materials consist primarily of internal documents rather than a single structured database of customer records.

Why This Matters for You and Your Family

When a healthcare provider that serves seriously ill patients suffers a breach, the stakes are immediate. Medical histories, contact details, insurance information, and family addresses can appear in the hands of criminals. For you or anyone receiving care, this means heightened risk of identity theft, insurance fraud, or targeted scams that exploit knowledge of a loved one’s medical condition. Even if your name is not on the initial list, family members connected through shared addresses or insurance policies can quickly become part of the same exposure chain.

Credential leaks from healthcare environments often spread far beyond the original incident. Passwords or email addresses reused across personal accounts can give attackers a foothold into your daily digital life, including banking, email, and social media.

The Doxxing and Identity-Chain Implications

Ransomware operators rarely stop at posting a single batch of files. Once internal documents surface, opportunistic criminals comb them for personal identifiers that link an email address to a username, a phone number to a home address, or a patient ID to a family member. These connections create doxxing chains that can lead to harassment, swatting, or sustained identity fraud. Children’s information is frequently swept up through parent-linked records, and gaming accounts tied to the same email or phone number become easy secondary targets for takeover.

Identity-chain mapping reveals how one seemingly minor leak can cascade across platforms. A password exposed in a healthcare breach today can unlock a gaming account tomorrow, revealing chat logs, voice recordings, or location data that further expose the household.

Anubis Ransomware Group Track Record

Public reporting attributes the anubis ransomware group with operations that emerged in recent years. The group is known for targeting mid-sized organizations across healthcare, education, and local government sectors. Notable prior victims include other care providers and service companies whose internal files were published after ransom demands went unmet. Their typical playbook involves initial access through phishing or exploited remote desktop credentials, followed by exfiltration of sensitive documents, deployment of ransomware to encrypt systems, and public extortion on dedicated leak sites when payment is refused. Deadlines for publication are often enforced strictly once a victim is listed.

What to do

  • Run a DoxxScan to map every link between your emails, phone numbers, usernames, and real-world identity so you can see the full exposure chain created by this breach.
  • Rotate any password you used at ViaQuest or related healthcare portals anywhere else it appears, and switch to 2FA through an authenticator app rather than text messages.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next leak that touches your family is caught in hours instead of months.
  • Cover the household with DoxxScan family protection that includes dependents and children’s gaming accounts, which often chain back to the same addresses or parent credentials exposed in care-provider incidents.
  • Let remediation specialists handle repeated takedown requests across data brokers and leak forums that surface after ransomware events like this one.

The ViaQuest breach illustrates how quickly healthcare data can fuel broader identity crimes that reach every member of a household. Taking concrete steps now limits the damage and reduces the chance that today’s leak becomes tomorrow’s harassment or financial loss. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping, hands-on remediation by specialists, and full family coverage that explicitly protects children’s gaming accounts from cascading takeovers.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.