Healthcare Interactive, a developer of AI-driven medical insurance benefit enrollment and billing solutions, experienced a cybersecurity incident resulting in the unauthorized access of highly sensitive personal and health data. The breach exposed confidential records, including names, addresses, email addresses, phone numbers, dates of birth, Social Security numbers, health insurance details, medical record numbers, diagnoses, lab results, prescriptions, treatment information, medical images, doctors’ names, and insurance claims data. The incident affected an unknown number of individuals, with the compromised data encompassing both personal identifiers and protected health information (PHI). The breach prompted legal action, with Lynch Carpenter, LLP investigating potential claims for compensation on behalf of affected parties. The exposure of such extensive medical and financial data poses severe risks, including identity theft, financial fraud, and long-term privacy violations, particularly given the sensitivity of health-related records. The company has not disclosed the attack vector, but the scale and nature of the stolen data suggest a targeted intrusion with significant operational and reputational consequences.
TPRM report: https://www.rankiteo.com/company/hci_2
"id": "hci0593105100325",
"linkid": "hci_2",
"type": "Breach",
"date": "10/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': 'Unknown number of individuals',
'industry': 'Healthcare Technology (AI-based medical '
'insurance benefit enrollment and billing '
'solutions)',
'location': 'Pittsburgh, Pennsylvania, USA (inferred '
'from press release location)',
'name': 'Healthcare Interactive',
'type': 'Private Company'}],
'customer_advisories': 'Individuals who received a data breach notification '
'from Healthcare Interactive are advised to contact '
'Lynch Carpenter, LLP for legal review.',
'data_breach': {'data_exfiltration': 'Yes (records obtained by unauthorized '
'person)',
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': 'Yes (names, '
'addresses, SSNs, '
'dates of birth, etc.)',
'sensitivity_of_data': 'High (includes SSNs, medical '
'diagnoses, prescriptions, and '
'insurance claims)',
'type_of_data_compromised': ['Protected Health Information '
'(PHI)',
'Personally Identifiable '
'Information (PII)',
'Confidential/proprietary '
'business data']},
'date_publicly_disclosed': '2025-10-03',
'description': 'An unauthorized person obtained records containing '
'confidential, proprietary, and protected health information '
'(PHI) from Healthcare Interactive, a company specializing in '
'AI-based medical insurance benefit enrollment and billing '
'solutions. The compromised data includes names, addresses, '
'email addresses, phone numbers, dates of birth, Social '
'Security numbers, health insurance enrollment details, '
'medical record numbers, diagnoses, lab results, '
'prescriptions, medical images, doctors’ names, and health '
'insurance claims information. The exact number of affected '
'individuals is unknown. Lynch Carpenter, LLP is investigating '
'potential legal claims for compensation.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive health data; '
'legal investigation underway',
'data_compromised': ['Names',
'Addresses',
'Email addresses',
'Phone numbers',
'Dates of birth',
'Social Security numbers',
'Health insurance enrollment information',
'Medical record numbers',
'Diagnoses',
'Lab results',
'Prescriptions',
'Care and treatment information',
'Medical images',
'Doctors’ names',
'Health insurance claims information'],
'identity_theft_risk': 'High (due to exposure of SSNs, PHI, and '
'personally identifiable information)',
'legal_liabilities': 'Lynch Carpenter, LLP investigating claims '
'for potential compensation; class action '
'litigation possible'},
'initial_access_broker': {'high_value_targets': 'Protected Health Information '
'(PHI) and personally '
'identifiable information '
'(PII)'},
'investigation_status': 'Ongoing (legal investigation by Lynch Carpenter, '
'LLP)',
'references': [{'date_accessed': '2025-10-03',
'source': 'Globe Newswire Press Release',
'url': 'https://databreaches.net/2025/10/01/ai-driven-medical-benefits-servicer-hit-with-data-breach/'},
{'source': 'Lynch Carpenter, LLP Investigation Page',
'url': 'https://www.lynchcarpenter.com'}],
'regulatory_compliance': {'legal_actions': 'Class action investigation by '
'Lynch Carpenter, LLP',
'regulations_violated': ['Potential HIPAA '
'violations (due to PHI '
'exposure)',
'State data breach '
'notification laws (e.g., '
'Pennsylvania, '
'California)']},
'response': {'communication_strategy': 'Public disclosure via Globe Newswire; '
'legal firm (Lynch Carpenter, LLP) '
'announced investigation and '
'compensation claims process'},
'threat_actor': 'Unauthorized person (unknown)',
'title': 'Healthcare Interactive Data Breach (2025)',
'type': 'Data Breach'}