
Biolife, a wholly owned subsidiary of Merit Medical, is a medical device company in Sarasota, Florida, that manufactures innovative healthcare and first aid solutions that improve patient care and outcomes. All Biolife products are comprised of a powder with two main ingredients: potassium ferrate and a hydrophilic, or water loving, polymer. StatSeal devices for the healthcare industry are available in both powder and disc form; the disc is made of compressed powder that is encased in a white medical-grade foam. WoundSeal devices for the consumer and occupational health industries are available in powder form. All Biolife devices are manual pressure adjuncts and work via a two-step mechanism of action that occurs simultaneously to form a low pH seal or physical barrier over the wound, protecting it by letting nothing in or nothing out. The hydrophilic polymer rapidly dehydrates the blood and absorbs exudate, stacking up desiccated blood solids beneath to form a seal (scab). The potassium ferrate binds the blood solids and proteins together, adhering the seal (scab) to the wound to stop bleeding and oozing. Beneath the seal, the pH is neutral and blood solids and proteins continue to stack naturally. Above the seal the hydrophilic polymer acts as a desiccant and creates an acidic environment with a pH of ~ 2. All Biolife devices work independently of the clotting cascade to create an occlusive seal over the wound or procedural site, while accelerating hemostasis and helping to improve recovery time. The seal remains over the wound as the body’s healing mechanism begins. As the wound heals, the scab is naturally sloughed off.

Biolife, a wholly owned subsidiary of Merit Medical A.I CyberSecurity Scoring

BWOSMM

Company Details

LinkedIn ID: biolife

Number of employees: 135

Number of followers: 2,399

NAICS: 3391

Industry Type: Medical Equipment Manufacturing

Homepage: biolife.com

IP Addresses: 0

Company ID: BIO_2698515

Scan Status: In-progress

BWOSMM Risk Score (AI oriented)

Between 0 and 549


BWOSMM Company CyberSecurity News & History

Past Incidents: 2

Attack Types: 1
Medical company based in Florida
Ransomware
Severity: 100
Impact: 5
Seen: 5/2023
Rankiteo Explanation: Attack threatening the organization’s existence

Description: A Florida-based medical company fell victim to a **ransomware attack** orchestrated by three cybersecurity professionals—Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed co-conspirator—using **ALPHV/BlackCat ransomware** in May 2023. The attackers, who exploited their insider knowledge from roles in incident response and ransomware negotiation, successfully extorted a **$1.3 million ransom payment** from the company. While the article does not specify the exact data compromised, the involvement of ALPHV (linked to critical infrastructure and healthcare breaches, including the **Change Healthcare attack affecting 190 million records**) suggests potential exposure of **sensitive patient data, financial records, or operational disruptions**. The attack’s financial motive, combined with the actors’ deliberate targeting of a medical entity, implies severe operational and reputational harm. Ransomware groups like ALPHV are known for **data exfiltration before encryption**, increasing the risk of **patient privacy violations, regulatory penalties (e.g., HIPAA breaches), and loss of trust**. The company’s payment of the ransom—despite FBI guidance against it—highlights the **critical impact on continuity**, though the full scope of data loss or system downtime remains undisclosed. The indictment underscores the **dual threat of insider-enabled cybercrime and ransomware’s escalating sophistication** in healthcare, a sector frequently targeted for its high-value data and life-dependent operations.

Medical Device Company in Florida
Ransomware
Severity: 100
Impact: 5
Seen: 11/2025
Rankiteo Explanation: Attack threatening the organization's existence

Description: A Florida-based medical device company fell victim to a **BlackCat (ALPHV) ransomware attack** orchestrated by three cybersecurity professionals—Kevin Tyler Martin, Ryan Clifford Goldberg, and an unnamed co-conspirator—who exploited their insider knowledge of ransomware negotiation and incident response. The attackers **encrypted critical data, stole sensitive information, and demanded a ransom of $15.4 million (US$10 million)**, ultimately extorting **$1.96 million (US$1.27 million) in cryptocurrency** from the victim. The breach disrupted operations, instilled fear of financial and reputational damage, and exposed the company to potential regulatory scrutiny. The attackers, leveraging their roles at **DigitalMint** and **Sygnia Consulting**, exploited trust to deploy ransomware, demonstrating a severe **insider threat** with deliberate malicious intent. The incident highlights the risks of privileged access abuse in cybersecurity-critical industries, where **healthcare data integrity and operational continuity** were directly compromised. The company’s recovery efforts likely involved forensic investigations, system restoration, and heightened security measures to mitigate future risks.


Underwriter Stats for BWOSMM

Incidents vs Medical Equipment Manufacturing Industry Average (This Year)

Biolife, a wholly owned subsidiary of Merit Medical has 21.95% more incidents than the average of same-industry companies with at least one recorded incident.

Incidents vs All-Companies Average (This Year)

Biolife, a wholly owned subsidiary of Merit Medical has 56.25% more incidents than the average of all companies with at least one recorded incident.

Incident Types BWOSMM vs Medical Equipment Manufacturing Industry Avg (This Year)

Biolife, a wholly owned subsidiary of Merit Medical reported 1 incident this year: 0 cyber attacks, 1 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.

Incident History — BWOSMM (X = Date, Y = Severity)

BWOSMM cyber incidents detection timeline including parent company and subsidiaries


BWOSMM Similar Companies

Edwards Lifesciences

Edwards Lifesciences (NYSE: EW), is the leading global structural heart innovation company, driven by a passion to improve patient lives. Through breakthrough technologies, world-class evidence and partnerships with clinicians and healthcare stakeholders, our employees are inspired by our patient-fo

Danaher Corporation

Danaher is a leading global life sciences and diagnostics innovator, committed to accelerating the power of science and technology to improve human health. We partner with customers across the globe to help them solve their most complex challenges, architecting solutions that bring the power of scie

Stryker

Stryker is a global leader in medical technologies and, together with our customers, we are driven to make healthcare better. We offer innovative products and services in MedSurg, Neurotechnology and Orthopaedics that help improve patient and healthcare outcomes. Alongside its customers around the w

Zimmer Biomet

Zimmer Biomet is a global medical technology leader with a comprehensive portfolio designed to maximize mobility and improve health. We advance our mission to alleviate pain and improve the quality of life for patients around the world with our innovative products and suite of integrated digital and

BD is one of the largest global medical technology companies in the world and is advancing the world of health™ by improving medical discovery, diagnostics and the delivery of care. The company supports the heroes on the frontlines of health care by developing innovative technology, services and sol

B. Braun Group

As a leading medical technology company, B. Braun protects and improves the health of people around the world. For more than 185 years, the family-owned company has been accelerating progress in health care with pioneering spirit and groundbreaking contributions. This innovative strength continues t

Align Technology

We are dedicated to transforming lives by improving the journey to a healthy, beautiful smile. Discover your straight path to a bright future at Align Technology. As a part of our smart, diverse and fast-moving global team, you'll make an impact on the market leader that's moving an industry forwa

Alcon

Alcon helps people see brilliantly. As the global leader in eye care with a heritage spanning over 75 years, we offer the broadest portfolio of products to enhance sight and improve people’s lives. Our Surgical and Vision Care products touch the lives of more than 260 million people in over 140 coun

Olympus Corporation

Olympus is passionate about creating customer-driven solutions for the medical industry. For more than 100 years, Olympus has focused on making people’s lives healthier, safer and more fulfilling by helping detect, prevent, and treat disease, furthering scientific research, and ensuring public safet


Frequently Asked Questions

Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.

BWOSMM CyberSecurity History Information

Official Website of Biolife, a wholly owned subsidiary of Merit Medical

The official website of Biolife, a wholly owned subsidiary of Merit Medical is http://www.biolife.com.

Biolife, a wholly owned subsidiary of Merit Medical’s AI-Generated Cybersecurity Score

According to Rankiteo, Biolife, a wholly owned subsidiary of Merit Medical’s AI-generated cybersecurity score is 386, reflecting their Critical security posture.

How many security badges does Biolife, a wholly owned subsidiary of Merit Medical have?

According to Rankiteo, Biolife, a wholly owned subsidiary of Merit Medical currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.

Does Biolife, a wholly owned subsidiary of Merit Medical have SOC 2 Type 1 certification?

According to Rankiteo, Biolife, a wholly owned subsidiary of Merit Medical is not certified under SOC 2 Type 1.

Does Biolife, a wholly owned subsidiary of Merit Medical have SOC 2 Type 2 certification?

According to Rankiteo, Biolife, a wholly owned subsidiary of Merit Medical does not hold a SOC 2 Type 2 certification.

Does Biolife, a wholly owned subsidiary of Merit Medical comply with GDPR?

According to Rankiteo, Biolife, a wholly owned subsidiary of Merit Medical is not listed as GDPR compliant.

Does Biolife, a wholly owned subsidiary of Merit Medical have PCI DSS certification?

According to Rankiteo, Biolife, a wholly owned subsidiary of Merit Medical does not currently maintain PCI DSS compliance.

Does Biolife, a wholly owned subsidiary of Merit Medical comply with HIPAA?

According to Rankiteo, Biolife, a wholly owned subsidiary of Merit Medical is not compliant with HIPAA regulations.

Does Biolife, a wholly owned subsidiary of Merit Medical have ISO 27001 certification?

According to Rankiteo, Biolife, a wholly owned subsidiary of Merit Medical is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.

Industry Classification of Biolife, a wholly owned subsidiary of Merit Medical

Biolife, a wholly owned subsidiary of Merit Medical operates primarily in the Medical Equipment Manufacturing industry.

Number of Employees at Biolife, a wholly owned subsidiary of Merit Medical

Biolife, a wholly owned subsidiary of Merit Medical employs approximately 135 people worldwide.

Subsidiaries Owned by Biolife, a wholly owned subsidiary of Merit Medical

Biolife, a wholly owned subsidiary of Merit Medical presently has no subsidiaries across any sectors.

Biolife, a wholly owned subsidiary of Merit Medical’s LinkedIn Followers

Biolife, a wholly owned subsidiary of Merit Medical’s official LinkedIn profile has approximately 2,399 followers.

NAICS Classification of Biolife, a wholly owned subsidiary of Merit Medical

Biolife, a wholly owned subsidiary of Merit Medical is classified under the NAICS code 3391, which corresponds to Medical Equipment and Supplies Manufacturing.

Biolife, a wholly owned subsidiary of Merit Medical’s Presence on Crunchbase

No, Biolife, a wholly owned subsidiary of Merit Medical does not have a profile on Crunchbase.

Biolife, a wholly owned subsidiary of Merit Medical’s Presence on LinkedIn

Yes, Biolife, a wholly owned subsidiary of Merit Medical maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement. It can be accessed here: https://www.linkedin.com/company/biolife.

Cybersecurity Incidents Involving Biolife, a wholly owned subsidiary of Merit Medical

As of December 04, 2025, Rankiteo reports that Biolife, a wholly owned subsidiary of Merit Medical has experienced 2 cybersecurity incidents.

Number of Peer and Competitor Companies

Biolife, a wholly owned subsidiary of Merit Medical has an estimated 5,405 peer or competitor companies worldwide.

What types of cybersecurity incidents have occurred at Biolife, a wholly owned subsidiary of Merit Medical?

Incident Types: The types of cybersecurity incidents that have occurred include Ransomware.

What was the total financial impact of these incidents on Biolife, a wholly owned subsidiary of Merit Medical?

Total Financial Loss: The total financial loss from these incidents is estimated to be $3.26 million.

How does Biolife, a wholly owned subsidiary of Merit Medical detect and respond to cybersecurity incidents?

Detection and Response: The company detects and responds to cybersecurity incidents through:
  • Incident response plan activated: Sygnia terminated Goldberg upon learning of the allegations; DigitalMint issued a public statement distancing itself from the indicted employees.
  • Law enforcement notified: FBI investigation led to arrests; U.S. District Court for the Southern District of Florida indictments.
  • Communication strategy: public statements by Sygnia and DigitalMint; media coverage (e.g., Chicago Sun-Times); public statements from DigitalMint and Sygnia denying organizational involvement; media coverage of indictments.
  • Third-party assistance: FBI investigation; cooperation from DigitalMint and Sygnia.

Incident Details

Can you provide details on each incident?

Incident : ransomware

Title: Cybersecurity Professionals Accused of Conducting ALPHV/BlackCat Ransomware Attacks on U.S. Businesses

Description: Federal prosecutors allege that three cybersecurity professionals—Ryan Clifford Goldberg (Sygnia), Kevin Tyler Martin (DigitalMint), and an unnamed co-conspirator—used ALPHV/BlackCat ransomware to attack five U.S. businesses in 2023. The trio extorted nearly $1.3 million from a Florida-based medical company and targeted four other entities, including a pharmaceutical company, a doctor’s office, an engineering firm, and a drone manufacturer. Goldberg and Martin were indicted on charges including conspiracy to interfere with commerce by extortion and intentional damage to a protected computer. Goldberg confessed to the FBI, citing financial debt as his motivation, while Martin was released on bond pending trial.

Date Publicly Disclosed: 2024-10-02

Type: ransomware

Attack Vector: malware deployment (ALPHV/BlackCat); affiliate-based ransomware-as-a-service (RaaS)

Threat Actor: Ryan Clifford Goldberg; Kevin Tyler Martin; unnamed co-conspirator (DigitalMint employee)

Motivation: financial gain; debt relief (Goldberg's confession)

Incident : Ransomware Attack

Title: Cybersecurity Professionals Indicted for BlackCat Ransomware Attacks Yielding Nearly $2 Million

Description: Three cybersecurity professionals—Kevin Tyler Martin (Texas), Ryan Clifford Goldberg (Georgia), and an unnamed Florida-based individual—were indicted for conducting ransomware attacks using the BlackCat (ALPHV) strain between May 2023 and April 2025. The group targeted five businesses in the medical and engineering sectors, extorting nearly $2 million in cryptocurrency, including a $1.96 million payment from a Florida-based medical device company. The attackers exploited their insider knowledge from roles at DigitalMint and Sygnia Consulting Ltd. Charges include conspiracy to interfere with interstate commerce by extortion, intentional damage to protected computers, and extortion. BlackCat, a Ransomware-as-a-Service (RaaS) operation, was notably open to English-speaking affiliates, unlike other groups.

Date Resolved: 2025-04-00

Type: Ransomware Attack

Attack Vector: Ransomware-as-a-Service (BlackCat/ALPHV); Unauthorized Access; Data Exfiltration; Insider Abuse of Privileges

Threat Actor:
  • Kevin Tyler Martin. Role: Former Ransomware Negotiator at DigitalMint; Location: Texas, USA; Affiliation: BlackCat/ALPHV Affiliate
  • Ryan Clifford Goldberg. Role: Former Incident Response Supervisor at Sygnia Consulting Ltd; Location: Georgia, USA; Affiliation: BlackCat/ALPHV Affiliate
  • Unnamed Co-Conspirator. Role: Unknown (Potential DigitalMint Employee); Location: Florida, USA; Affiliation: BlackCat/ALPHV Affiliate
  • BlackCat/ALPHV RaaS Operators. Role: Ransomware Developers/Operators; Affiliation: BlackCat/ALPHV Group (Defunct as of December 2023)

Motivation: Financial Gain

What are the most common types of attacks the company has faced?

Common Attack Types: The most common type of attack the company has faced is Ransomware.

How does the company identify the attack vectors used in incidents?

Identification of Attack Vectors: The company identifies the attack vectors used in incidents through an ALPHV/BlackCat RaaS affiliate account obtained by an unnamed co-conspirator.

Impact of the Incidents

What was the impact of each incident?

Incident : ransomware BIO0602606110425

Financial Loss: $1.3 million (ransom paid by one victim)

Operational Impact: disruption to medical, pharmaceutical, engineering, and drone manufacturing operations

Brand Reputation Impact: reputational damage to Sygnia and DigitalMint; loss of trust in cybersecurity professionals

Legal Liabilities: indictments for conspiracy, extortion, and computer damage; potential 50-year prison sentences

Incident : Ransomware Attack BIO4503245111125

Financial Loss: $1.96 million (paid by one victim); Total demands ranged from $300,000 to $15.4 million

Operational Impact: Fear of financial loss due to data theft/encryption; potential disruption to medical/engineering operations

Brand Reputation Impact: Potential reputational damage to victim organizations; negative publicity for DigitalMint and Sygnia due to insider involvement

Legal Liabilities: Ongoing legal proceedings against Martin and Goldberg; potential civil lawsuits from victims

What is the average financial loss per incident?

Average Financial Loss: The average financial loss per incident is $1.63 million.

Which entities were affected by each incident?

Incident : ransomware BIO0602606110425

Entity Name: Medical company (Florida)

Entity Type: private

Industry: healthcare

Location: Florida, USA

Incident : ransomware BIO0602606110425

Entity Name: Pharmaceutical company (Maryland)

Entity Type: private

Industry: pharmaceuticals

Location: Maryland, USA

Incident : ransomware BIO0602606110425

Entity Name: Doctor’s office (California)

Entity Type: private

Industry: healthcare

Location: California, USA

Incident : ransomware BIO0602606110425

Entity Name: Engineering company (California)

Entity Type: private

Industry: engineering

Location: California, USA

Incident : ransomware BIO0602606110425

Entity Name: Drone manufacturer (Virginia)

Entity Type: private

Industry: aerospace/defense

Location: Virginia, USA

Incident : ransomware BIO0602606110425

Entity Name: Sygnia

Entity Type: private

Industry: cybersecurity

Incident : ransomware BIO0602606110425

Entity Name: DigitalMint

Entity Type: private

Industry: cryptocurrency/cybersecurity

Incident : Ransomware Attack BIO4503245111125

Entity Name: Unnamed Florida Medical Device Company

Entity Type: Private Corporation

Industry: Medical Devices

Location: Florida, USA

Incident : Ransomware Attack BIO4503245111125

Entity Name: Four Additional Victims (Medical/Engineering Sectors)

Entity Type: Private Corporations, Potential Public Entities

Industry: Healthcare, Engineering

Incident : Ransomware Attack BIO4503245111125

Entity Name: DigitalMint

Entity Type: Incident Response Specialist

Industry: Cybersecurity

Location: Chicago, Illinois, USA

Customers Affected: None (per company statement)

Incident : Ransomware Attack BIO4503245111125

Entity Name: Sygnia Consulting Ltd

Entity Type: Cybersecurity Consulting Firm

Industry: Cybersecurity

Location: Israel

Customers Affected: None (per company statement)

Response to the Incidents

What measures were taken in response to each incident?

Incident : ransomware BIO0602606110425

Incident Response Plan Activated: Sygnia terminated Goldberg upon learning of the allegations; DigitalMint issued a public statement distancing itself from the indicted employees

Law Enforcement Notified: FBI investigation led to arrests; U.S. District Court for the Southern District of Florida indictments

Communication Strategy: public statements by Sygnia and DigitalMint; media coverage (e.g., Chicago Sun-Times)

Incident : Ransomware Attack BIO4503245111125

Third Party Assistance: FBI investigation; cooperation from DigitalMint and Sygnia

Communication Strategy: Public statements from DigitalMint and Sygnia denying organizational involvement; media coverage of indictments

What is the company's incident response plan?

Incident Response Plan: The company's incident response plan is described as: Sygnia terminated Goldberg upon learning of the allegations; DigitalMint issued a public statement distancing itself from the indicted employees.

How does the company involve third-party assistance in incident response?

Third-Party Assistance: The company involves third-party assistance in incident response through FBI investigation and cooperation from DigitalMint and Sygnia.

Data Breach Information

What type of data was compromised in each breach?

Incident : ransomware BIO0602606110425

Data Encryption: ALPHV/BlackCat ransomware encryption

Incident : Ransomware Attack BIO4503245111125

Sensitivity of Data: Potentially high (medical/engineering sector data)

Data Encryption: True

Ransomware Information

Was ransomware involved in any of the incidents?

Incident : ransomware BIO0602606110425

Ransom Demanded: $1.3 million (paid by medical company)

Ransom Paid: $1.3 million (by one victim)

Ransomware Strain: ALPHV/BlackCat

Data Encryption: True

Incident : Ransomware Attack BIO4503245111125

Ransom Demanded: $15.4 million (highest demand); $1.96 million (paid by Florida medical device company); ranged from $300,000 to $5 million in other cases

Ransom Paid: $1.96 million (by one victim)

Ransomware Strain: BlackCat (ALPHV)

Data Encryption: True

Data Exfiltration: True

Regulatory Compliance

Were there any regulatory violations and fines imposed for each incident?

Incident : ransomware BIO0602606110425

Legal Actions: indictments for conspiracy, extortion, and computer damage

Incident : Ransomware Attack BIO4503245111125

Legal Actions: Indictments for conspiracy, extortion, and computer damage; ongoing trial (Martin pleaded not guilty; Goldberg detained)

How does the company ensure compliance with regulatory requirements?

Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through indictments for conspiracy, extortion, and computer damage, and an ongoing trial (Martin pleaded not guilty; Goldberg detained).

Lessons Learned and Recommendations

What lessons were learned from each incident?

Incident : ransomware BIO0602606110425

Lessons Learned: Insider threats can originate from cybersecurity professionals with privileged access; importance of monitoring employee behavior and access controls; risks of ransomware-as-a-service (RaaS) affiliate models

Incident : Ransomware Attack BIO4503245111125

Lessons Learned: Insider threats pose significant risks, even from trusted cybersecurity professionals. Ransomware-as-a-Service (RaaS) models enable low-barrier entry for affiliates, including English speakers. Technical controls and monitoring are critical but not foolproof against determined insiders. Organizations must balance trust in employees with robust oversight mechanisms.

What recommendations were made to prevent future incidents?

Incident : ransomware BIO0602606110425

Recommendations: Enhance background checks and continuous monitoring of cybersecurity personnel; implement stricter access controls and segregation of duties; educate employees on ethical boundaries and legal consequences of misuse; strengthen incident response plans to detect insider threats

Incident : Ransomware Attack BIO4503245111125

Recommendations: Enhance background checks and continuous monitoring for employees in high-risk roles (e.g., incident response, ransomware negotiation); implement stricter access controls and segregation of duties for sensitive systems/data; develop insider threat detection programs with behavioral analytics; foster a culture of ethical accountability and whistleblowing in cybersecurity firms; collaborate with law enforcement proactively to disrupt RaaS operations.

What are the key lessons learned from past incidents ?

Key Lessons Learned: The key lessons learned from past incidents are: insider threats can originate from cybersecurity professionals with privileged access; importance of monitoring employee behavior and access controls; risks of ransomware-as-a-service (RaaS) affiliate models; insider threats pose significant risks, even from trusted cybersecurity professionals; Ransomware-as-a-Service (RaaS) models enable low-barrier entry for affiliates, including English speakers; technical controls and monitoring are critical but not foolproof against determined insiders; organizations must balance trust in employees with robust oversight mechanisms.

References

Where can I find more information about each incident ?

Incident : ransomware BIO0602606110425

Source: Chicago Sun-Times

Incident : ransomware BIO0602606110425

Source: U.S. District Court for the Southern District of Florida (indictment documents)

Incident : ransomware BIO0602606110425

Source: FBI affidavit (June 17 interview with Goldberg)

Incident : Ransomware Attack BIO4503245111125

Source: Information Age

Incident : Ransomware Attack BIO4503245111125

Source: US Department of Justice (Indictment)

Incident : Ransomware Attack BIO4503245111125

Source: Intel 471 (Cyber Threat Intelligence)

Incident : Ransomware Attack BIO4503245111125

Source: Exabeam Report on Insider Threats (2025)

Incident : Ransomware Attack BIO4503245111125

Source: Archive.li (Ryan Goldberg's SANS Institute Profile)

URL: https://archive.li/...

Where can stakeholders find additional resources on cybersecurity best practices ?

Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at the following sources: Chicago Sun-Times; U.S. District Court for the Southern District of Florida (indictment documents); FBI affidavit (June 17 interview with Goldberg); Information Age; US Department of Justice (Indictment); Intel 471 (Cyber Threat Intelligence); Exabeam Report on Insider Threats (2025); Archive.li (Ryan Goldberg's SANS Institute Profile), URL: https://archive.li/...

Investigation Status

What is the current status of the investigation for each incident ?

Incident : ransomware BIO0602606110425

Investigation Status: Ongoing (Goldberg in custody, Martin released on bond; trial pending)

Incident : Ransomware Attack BIO4503245111125

Investigation Status: Ongoing (Trial Pending)

How does the company communicate the status of incident investigations to stakeholders ?

Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through public statements by Sygnia and DigitalMint, media coverage (e.g., Chicago Sun-Times), public statements from DigitalMint and Sygnia denying organizational involvement, and media coverage of indictments.

Stakeholder and Customer Advisories

Were there any advisories issued to stakeholders or customers for each incident ?

Incident : ransomware BIO0602606110425

Stakeholder Advisories: Sygnia and DigitalMint public statements; FBI warnings about insider threats in cybersecurity.

Incident : Ransomware Attack BIO4503245111125

Stakeholder Advisories: DigitalMint and Sygnia issued statements distancing themselves from the criminal activity and confirming cooperation with the FBI. Victim organizations (e.g., Florida medical device company) likely issued internal advisories, though details are not public.

What advisories does the company provide to stakeholders and customers following an incident ?

Advisories Provided: The following advisories were provided to stakeholders and customers following an incident: Sygnia and DigitalMint public statements; FBI warnings about insider threats in cybersecurity; DigitalMint and Sygnia issued statements distancing themselves from the criminal activity and confirming cooperation with the FBI; victim organizations (e.g., Florida medical device company) likely issued internal advisories, though details are not public.

Initial Access Broker

How did the initial access broker gain entry for each incident ?

Incident : ransomware BIO0602606110425

Entry Point: ALPHV/BlackCat RaaS affiliate account obtained by unnamed co-conspirator

High Value Targets: Healthcare, pharmaceutical, and engineering sectors

Data Sold on Dark Web: Healthcare, pharmaceutical, and engineering sectors

Incident : Ransomware Attack BIO4503245111125

High Value Targets: Medical and engineering sector companies

Data Sold on Dark Web: Medical and engineering sector companies

Post-Incident Analysis

What were the root causes and corrective actions taken for each incident ?

Incident : ransomware BIO0602606110425

Root Causes: Abuse of privileged access by cybersecurity professionals; lack of oversight for employees with ransomware negotiation roles; financial motivations (Goldberg's debt)

Corrective Actions: Termination of involved employees (Sygnia, DigitalMint); legal prosecution and FBI investigation; industry-wide reviews of insider threat programs

Incident : Ransomware Attack BIO4503245111125

Root Causes: Abuse of insider privileges by cybersecurity professionals with specialized knowledge; lax oversight or detection mechanisms for employees handling ransomware negotiations/incident response; profit-driven motivation exploiting RaaS affordability and accessibility.

What is the company's process for conducting post-incident analysis ?

Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as FBI investigation and cooperation from DigitalMint and Sygnia.

What corrective actions has the company taken based on post-incident analysis ?

Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: termination of involved employees (Sygnia, DigitalMint); legal prosecution and FBI investigation; industry-wide reviews of insider threat programs.

Additional Questions

General Information

Has the company ever paid ransoms ?

Ransom Payment History: The company has paid ransoms in the past.

What was the amount of the last ransom demanded ?

Last Ransom Demanded: The amount of the last ransom demanded was $1.3 million (paid by medical company).

Who was the attacking group in the last incident ?

Last Attacking Group: The attacking group in the last incident were Ryan Clifford Goldberg, Kevin Tyler Martin, and an unnamed co-conspirator (DigitalMint employee).

Name: Kevin Tyler Martin; Role: Former Ransomware Negotiator at DigitalMint; Location: Texas, USA; Affiliation: BlackCat/ALPHV Affiliate

Name: Ryan Clifford Goldberg; Role: Former Incident Response Supervisor at Sygnia Consulting Ltd; Location: Georgia, USA; Affiliation: BlackCat/ALPHV Affiliate

Name: Unnamed Co-Conspirator; Role: Unknown (Potential DigitalMint Employee); Location: Florida, USA; Affiliation: BlackCat/ALPHV Affiliate

Name: BlackCat/ALPHV RaaS Operators; Role: Ransomware Developers/Operators; Affiliation: BlackCat/ALPHV Group (Defunct as of December 2023)

Incident Details

What was the most recent incident publicly disclosed ?

Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-10-02.

What was the most recent incident resolved ?

Most Recent Incident Resolved: The most recent incident resolved was on 2025-04-00.

Impact of the Incidents

Response to the Incidents

What third-party assistance was involved in the most recent incident ?

Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was FBI investigation and cooperation from DigitalMint and Sygnia.

Data Breach Information

Ransomware Information

Regulatory Compliance

What was the most significant legal action taken for a regulatory violation ?

Most Significant Legal Action: The most significant legal action taken for a regulatory violation was indictments for conspiracy, extortion, and computer damage; ongoing trial (Martin pleaded not guilty; Goldberg detained).

Lessons Learned and Recommendations

What was the most significant lesson learned from past incidents ?

Most Significant Lesson Learned: The most significant lesson learned from past incidents was: organizations must balance trust in employees with robust oversight mechanisms.

What was the most significant recommendation implemented to improve cybersecurity ?

Most Significant Recommendation Implemented: The most significant recommendations implemented to improve cybersecurity were: enhance background checks and continuous monitoring for employees in high-risk roles (e.g., incident response, ransomware negotiation); collaborate with law enforcement proactively to disrupt RaaS operations; enhance background checks and continuous monitoring of cybersecurity personnel; implement stricter access controls and segregation of duties; develop insider threat detection programs with behavioral analytics; strengthen incident response plans to detect insider threats; educate employees on ethical boundaries and legal consequences of misuse; foster a culture of ethical accountability and whistleblowing in cybersecurity firms; implement stricter access controls and segregation of duties for sensitive systems/data.

References

What is the most recent source of information about an incident ?

Most Recent Source: The most recent sources of information about an incident are U.S. District Court for the Southern District of Florida (indictment documents), Archive.li (Ryan Goldberg's SANS Institute Profile), FBI affidavit (June 17 interview with Goldberg), Intel 471 (Cyber Threat Intelligence), Information Age, Chicago Sun-Times, US Department of Justice (Indictment) and Exabeam Report on Insider Threats (2025).

What is the most recent URL for additional resources on cybersecurity best practices ?

Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://archive.li/... .

Investigation Status

What is the current status of the most recent investigation ?

Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (Goldberg in custody, Martin released on bond; trial pending).

Stakeholder and Customer Advisories

What was the most recent stakeholder advisory issued ?

Most Recent Stakeholder Advisory: The most recent stakeholder advisories issued were: Sygnia and DigitalMint public statements; FBI warnings about insider threats in cybersecurity; DigitalMint and Sygnia issued statements distancing themselves from the criminal activity and confirming cooperation with the FBI; victim organizations (e.g., Florida medical device company) likely issued internal advisories, though details are not public.

Initial Access Broker

Post-Incident Analysis

What was the most significant root cause identified in post-incident analysis ?

Most Significant Root Cause: The most significant root causes identified in post-incident analysis were: abuse of privileged access by cybersecurity professionals; lack of oversight for employees with ransomware negotiation roles; financial motivations (Goldberg's debt); abuse of insider privileges by cybersecurity professionals with specialized knowledge; lax oversight or detection mechanisms for employees handling ransomware negotiations/incident response; profit-driven motivation exploiting RaaS affordability and accessibility.

What was the most significant corrective action taken based on post-incident analysis ?

Most Significant Corrective Action: The most significant corrective actions taken based on post-incident analysis were: termination of involved employees (Sygnia, DigitalMint); legal prosecution and FBI investigation; industry-wide reviews of insider threat programs.


Latest Global CVEs (Not Company-Specific)

Description

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string format is provided, it is passed directly to shell interpretation (sh -c) without input validation, allowing shell metacharacters to be interpreted. This vulnerability can be exploited through direct command injection or indirect prompt injection attacks, where AI agents may execute commands without explicit user intent. This vulnerability is fixed in 2.9.8.

Risk Information
cvss3
Base: 6.4
Severity: HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Description

XML external entity (XXE) injection in eyoucms v1.7.1 allows remote attackers to cause a denial of service via crafted body of a POST request.

Description

An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to access administrative functions of the device (e.g. file upload, firmware update, reboot...) via a crafted authentication bypass.

Description

Cal.com is open-source scheduling software. Prior to 5.9.8, a flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in the authentication flow. This vulnerability is fixed in 5.9.8.

Risk Information
cvss4
Base: 9.9
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Description

Rhino is an open-source implementation of JavaScript written entirely in Java. Prior to 1.8.1, 1.7.15.1, and 1.7.14.1, when an application passed an attacker-controlled floating-point number into the toFixed() function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo > DToA.JS_dtostr > DToA.JS_dtoa > DToA.pow5mult, where pow5mult attempts to raise 5 to a ridiculous power. This vulnerability is fixed in 1.8.1, 1.7.15.1, and 1.7.14.1.

Risk Information
cvss4
Base: 5.5
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Access Data Using Our API


Get company history

curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=biolife' -H 'apikey: YOUR_API_KEY_HERE'

What Do We Measure ?

Incident
Finding
Grade
Digital Assets

Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.

These are some of the factors we use to calculate the overall score:

Network Security

Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.

SBOM (Software Bill of Materials)

Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.

CMDB (Configuration Management Database)

Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.

Threat Intelligence

Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.

Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.