Invacare Data Breach due to Ransomware Attack: Sensitive Info at Risk

On Nov. 4, 2025, the RHYSIDA ransomware group claimed responsibility for a cyberattack targeting Invacare International Holdings Corp., a medical device manufacturing and distribution company. According to a post made on the dark web, RHYSIDA stated they had successfully breached Invacare’s systems and obtained sensitive organizational data.

The group also threatened to publicly release the stolen information within six to seven days unless their ransom demands were met. At this time, the total number of individuals and medical organizations affected has not been disclosed.

The nature of the breach is classified as a ransomware attack, meaning the attackers gained unauthorized access to Invacare’s network, encrypted critical files and exfiltrated data. Ransomware incidents of this scale often involve both personally identifiable information (PII) and protected health information (PHI).

Exposed information could include names, addresses, email addresses, Social Security numbers, financial information and health information related to patients, clients or employees. The severity of this breach is high, due to the attackers’ intent to publish the data, which could lead to identity theft and fraud.

The breach was first reported on the Tor network, a common platform for ransomware groups to announce their attacks and extort victims. As of today, Invacare has not released a public statement detailing the full scope of the incident or the specific data types involved.

Invacare International Holdings Corp.'s response

In response to the RHYSIDA ransomware attack, Invacare is expected to be engaging with cybersecurity experts and law enforcement to investigate the incident and secure internal systems. The company will work to identify impacted individuals and notify them by mail in addition to making required state and federal disclosures.

If you believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Invacare or your medical provider.
• Monitor financial accounts and credit reports for unusual activity
• Be alert for phishing emails or suspicious communications that may reference Invacare or personal information
• Change passwords for accounts that may overlap with Invacare services or communications
• Consider placing a fraud alert or credit freeze with major credit bureaus if personal or financial data was shared with Invacare

If Invacare releases additional information or offers resources such as credit monitoring or identity theft protection, affected parties should take advantage of these services.