Modernizing Medicine, Inc. (ModMed)

Modernizing Medicine, Inc. (ModMed), a healthcare technology company specializing in cloud-based EHR solutions for specialty medical practices, suffered a data breach in July 2025. An unauthorized cybercriminal accessed and copied sensitive patient data—including **full names, addresses, dates of birth, Social Security numbers, health insurance details, medical records, billing codes, prescriptions, diagnoses, and treatment information**—from internal servers used by its podiatry practice clients. The breach, discovered in July but disclosed in September–October 2025, impacted at least **737 Massachusetts residents**, with broader exposure likely. The compromised data poses severe risks of **identity theft, financial fraud, and medical identity fraud**, as the exposed information includes highly sensitive **PII (Personally Identifiable Information) and PHI (Protected Health Information)**. Affected individuals were offered credit monitoring, but the long-term consequences—such as **fraudulent medical claims, targeted phishing, or blackmail**—remain significant. Legal actions are underway, with class-action lawsuits seeking compensation for victims.

Source: https://www.claimdepot.com/investigations/modernizing-medicine-data-breach-2025

TPRM report: https://www.rankiteo.com/company/modernizing-medicine

"id": "mod1392713102125",
"linkid": "modernizing-medicine",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'customers_affected': 'Undisclosed (includes at least '
                                              '737 Massachusetts residents)',
                        'industry': 'Healthcare IT / Electronic Health Records '
                                    '(EHR)',
                        'location': 'Boca Raton, Florida, USA',
                        'name': 'Modernizing Medicine, Inc. (ModMed)',
                        'size': '1,400+ employees',
                        'type': 'Healthcare Technology Company'}],
 'customer_advisories': ['Direct mail notices sent to affected individuals '
                         '(Oct. 17, 2025)',
                         'Public advisory via Shamis & Gentile P.A. for '
                         'compensation eligibility'],
 'data_breach': {'data_exfiltration': 'Yes (data copied by cybercriminal)',
                 'number_of_records_exposed': 'Undisclosed (minimum 737 '
                                              'records confirmed in '
                                              'Massachusetts)',
                 'personally_identifiable_information': ['Full name',
                                                         'Address',
                                                         'Date of birth',
                                                         'Phone number',
                                                         'Email address',
                                                         'Social Security '
                                                         'number',
                                                         'Health insurance '
                                                         'information',
                                                         'Medical record '
                                                         'number',
                                                         'Patient account '
                                                         'number'],
                 'sensitivity_of_data': 'High (includes SSNs, medical records, '
                                        'and financial details)',
                 'type_of_data_compromised': ['Personally Identifiable '
                                              'Information (PII)',
                                              'Protected Health Information '
                                              '(PHI)']},
 'date_detected': '2025-07-01',
 'date_publicly_disclosed': '2025-09-19',
 'description': 'Modernizing Medicine, Inc. (ModMed) discovered unauthorized '
                'activity in certain computer servers used by its podiatry '
                'practice clients. A cybercriminal accessed and copied '
                'sensitive personal and protected health information (PHI) of '
                'patients between July 9 and July 10, 2025. The breach was '
                'disclosed to affected practices on September 19, 2025, and '
                'notices were mailed to individuals on October 17, 2025. The '
                'exposed data includes full names, addresses, Social Security '
                'numbers, health insurance details, medical records, and more. '
                'At least 737 Massachusetts residents were affected, though '
                'the total scope remains undisclosed. Regulatory disclosures '
                'were filed with the Massachusetts and Vermont Attorneys '
                'General in October 2025.',
 'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
                                       'exposure of sensitive PHI and PII',
            'data_compromised': ['Full name',
                                 'Address',
                                 'Date of birth',
                                 'Phone number',
                                 'Email address',
                                 'Social Security number',
                                 'Health insurance information',
                                 'Medical record number',
                                 'Patient account number',
                                 'Date(s) of service',
                                 'Provider and practice name',
                                 'Billing and diagnostic codes',
                                 'Prescription and medication information',
                                 'Diagnosis and treatment information'],
            'identity_theft_risk': 'High (due to exposure of SSNs, health '
                                   'insurance, and financial details)',
            'legal_liabilities': ['Potential lawsuits for compensation (e.g., '
                                  'out-of-pocket expenses, emotional distress)',
                                  'Regulatory scrutiny'],
            'systems_affected': ['Internal servers used by podiatry practice '
                                 'clients']},
 'initial_access_broker': {'high_value_targets': ['Podiatry practice client '
                                                  'servers',
                                                  'Patient PHI/PII databases']},
 'investigation_status': 'Ongoing (as of Oct. 2025; law firm investigation '
                         'active)',
 'motivation': ['Financial Gain', 'Data Theft'],
 'recommendations': ['Enroll in free IDX credit monitoring and identity theft '
                     'protection services (if offered)',
                     'Monitor financial statements for suspicious activity',
                     'Place a fraud alert on credit reports',
                     'Request free annual credit reports from major bureaus',
                     'Seek legal counsel for potential compensation claims'],
 'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'},
                {'date_accessed': '2025-10-17',
                 'source': 'Massachusetts Attorney General Disclosure'},
                {'date_accessed': '2025-10-20',
                 'source': 'Vermont Attorney General Disclosure'}],
 'regulatory_compliance': {'legal_actions': ['Potential class-action lawsuits '
                                             '(led by Shamis & Gentile P.A.)'],
                           'regulatory_notifications': ['Massachusetts '
                                                        'Attorney General '
                                                        '(filed Oct. 17, 2025)',
                                                        'Vermont Attorney '
                                                        'General (filed Oct. '
                                                        '20, 2025)']},
 'response': {'communication_strategy': ['Direct notices to affected '
                                         'individuals (mailed Oct. 17, 2025)',
                                         'Public disclosure via law firm '
                                         'investigation (Shamis & Gentile '
                                         'P.A.)'],
              'incident_response_plan_activated': 'Yes (investigation '
                                                  'initiated post-discovery)',
              'remediation_measures': ['Notification to affected practices '
                                       '(Sept. 19, 2025)',
                                       'Disclosure to Attorneys General (Oct. '
                                       '2025)',
                                       'Offer of free IDX credit monitoring '
                                       'and identity theft protection']},
 'stakeholder_advisories': ['Affected individuals advised to enroll in credit '
                            'monitoring and seek legal counsel'],
 'threat_actor': 'Cybercriminal (unknown affiliation)',
 'title': 'Modernizing Medicine, Inc. Data Breach (July 2025)',
 'type': ['Data Breach', 'Unauthorized Access', 'Data Exfiltration']}