Cherry Health Reports Data Breach Affecting Over 184,000 Individuals
Michigan-based healthcare provider Cherry Health (operating as Cherry Street Services) has disclosed a data breach involving unauthorized access to its network. The incident, detected on or around April 19, 2026, coincided with a days-long network outage suspected to be the result of a ransomware attack.
An investigation, supported by third-party cybersecurity specialists, confirmed that an unauthorized actor accessed and exfiltrated sensitive data from Cherry Health’s systems. The compromised information varies by individual but may include:
- Personal details: Names, addresses, phone numbers, dates of birth, and Social Security numbers
- Healthcare data: Health insurance IDs, patient ID numbers, provider names, and service dates
Cherry Health has stated that over 184,000 individuals were potentially affected, though the full scope of the breach remains under review. The organization plans to notify impacted individuals in writing once its investigation concludes.
Legal teams are currently assessing whether a class action lawsuit can be filed on behalf of affected individuals, with attorneys seeking input from those who received breach notifications or believe their data was exposed. The breach is distinct from a separate December 2023 incident that also impacted Cherry Health.
Source: https://www.classaction.org/data-breach-lawsuits/cherry-health-june-2026
Cherry Health cybersecurity rating report: https://www.rankiteo.com/company/cherryhealthmi
"id": "CHE1781929626",
"linkid": "cherryhealthmi",
"type": "Ransomware",
"date": "4/2026",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '184000',
'industry': 'Healthcare',
'location': 'Michigan, USA',
'name': 'Cherry Health (Cherry Street Services)',
'type': 'Healthcare Provider'}],
'customer_advisories': 'Written notifications to impacted individuals',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': '184000',
'personally_identifiable_information': ['Names',
'Addresses',
'Phone numbers',
'Dates of birth',
'Social Security '
'numbers',
'Health insurance IDs',
'Patient ID numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personal details',
'Healthcare data']},
'date_detected': '2026-04-19',
'description': 'Michigan-based healthcare provider Cherry Health disclosed a '
'data breach involving unauthorized access to its network. The '
'incident coincided with a days-long network outage suspected '
'to be the result of a ransomware attack. An unauthorized '
'actor accessed and exfiltrated sensitive data, including '
'personal and healthcare information of over 184,000 '
'individuals.',
'impact': {'data_compromised': 'Personal details (names, addresses, phone '
'numbers, dates of birth, Social Security '
'numbers), Healthcare data (health insurance '
'IDs, patient ID numbers, provider names, '
'service dates)',
'downtime': 'days-long network outage',
'identity_theft_risk': 'High',
'legal_liabilities': 'Potential class action lawsuit'},
'investigation_status': 'Ongoing',
'ransomware': {'data_exfiltration': True},
'regulatory_compliance': {'legal_actions': 'Potential class action lawsuit'},
'response': {'communication_strategy': 'Written notifications to impacted '
'individuals',
'third_party_assistance': 'Third-party cybersecurity '
'specialists'},
'title': 'Cherry Health Data Breach Affecting Over 184,000 Individuals',
'type': 'Data Breach'}