OncoHealth, Inc., a digital health company specializing in oncology-centered technology, experienced a significant data breach on September 4, 2025, when a phishing attack compromised its Zendesk customer service system. A fraudulent Zendesk account was mistakenly included in an email sent to Humana Inc., containing a file with protected health information (PHI) including first/last names, dates of birth, Humana ID numbers, and authorization numbers. The impersonator gained access to this sensitive data before the account was deactivated on September 5, 2025.

The breach exposed personally identifiable information (PII) of customers, putting them at risk of identity theft, fraud, and financial harm. OncoHealth notified affected individuals on October 10, 2025, and reported the incident to the Maine Attorney General’s office on November 20, 2025. The breach stemmed from a phishing scam targeting employee communications, leading to unauthorized access to patient and partner data. Legal investigations are underway, with affected individuals potentially eligible for compensation due to the exposure of sensitive health and identification details.
Source: https://www.claimdepot.com/investigations/oncohealth-data-breach-2025
OncoHealth cybersecurity rating report: https://www.rankiteo.com/company/oncohealth
"id": "ONC0102701112225",
"linkid": "oncohealth",
"type": "Breach",
"date": "9/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Healthcare (Digital Health / Oncology '
'Technology)',
'location': 'Atlanta, Georgia, USA',
'name': 'OncoHealth, Inc.',
'type': 'Private Company'},
{'industry': 'Health Insurance',
'location': 'Louisville, Kentucky, USA',
'name': 'Humana Inc.',
'type': 'Public Company'}],
'attack_vector': 'Phishing (Fraudulent Zendesk Account Impersonation)',
'customer_advisories': ['Monitor financial/health accounts for fraud',
'Consider credit freezes or fraud alerts',
'Review healthcare bills for unauthorized activity'],
'data_breach': {'data_exfiltration': 'Yes (sent to impersonator’s email)',
'file_types_exposed': ['Email attachment containing PHI'],
'personally_identifiable_information': ['Full name',
'Date of birth',
'Humana ID number',
'Authorization '
'number'],
'sensitivity_of_data': 'High (includes health-related '
'identifiers)',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Protected Health Information '
'(PHI)']},
'date_detected': '2025-09-04',
'date_publicly_disclosed': '2025-10-10',
'date_resolved': '2025-09-05',
'description': 'OncoHealth, Inc., a digital health company specializing in '
'oncology-centered technology, experienced a data breach on '
'Sept. 4, 2025, when a phishing attack led to the exposure of '
'protected health information (PHI). A fraudulent Zendesk '
'account was mistakenly included in an email sent to Humana '
'Inc., resulting in PHI being sent to an impersonator. The '
'breach involved sensitive personally identifiable information '
'(PII) such as names, dates of birth, Humana identification '
'numbers, and authorization numbers. The fraudulent account '
'was deactivated on Sept. 5, 2025. Affected individuals were '
'notified on Oct. 10, 2025, and the breach was reported to the '
'Maine Attorney General’s office on Nov. 20, 2025.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive health data',
'data_compromised': ['First and last name',
'Date of birth',
'Humana identification number',
'Authorization number'],
'identity_theft_risk': 'High (due to exposure of PII/PHI)',
'legal_liabilities': 'Potential lawsuits for compensation (e.g., '
'reimbursement for out-of-pocket expenses, '
'emotional distress)',
'systems_affected': ['Zendesk Customer Service System']},
'initial_access_broker': {'entry_point': 'Phishing (fraudulent Zendesk '
'account included in email to '
'Humana)',
'high_value_targets': ['Protected Health '
'Information (PHI)']},
'investigation_status': 'Under investigation (class-action lawsuits being '
'prepared)',
'post_incident_analysis': {'root_causes': ['Human error (misaddressed email)',
'Lack of email verification for '
'external recipients']},
'recommendations': ['Monitor credit reports and account statements for '
'suspicious activity (24 months)',
'Place security freeze or fraud alert on credit files',
'Change passwords/security questions for online accounts',
'Review healthcare billing statements for unauthorized '
'charges',
'Consider joining class-action lawsuits for compensation'],
'references': [{'source': 'Shamis & Gentile P.A. Investigation Notice'}],
'regulatory_compliance': {'legal_actions': ['Potential class-action lawsuits '
'(led by Shamis & Gentile P.A.)'],
'regulatory_notifications': ['Maine Attorney '
'General’s office '
'(reported Nov. 20, '
'2025)']},
'response': {'communication_strategy': ['Written notices to affected '
'individuals',
'Public disclosure via legal '
'investigation (Shamis & Gentile '
'P.A.)'],
'containment_measures': ['Deactivation of fraudulent Zendesk '
'account'],
'incident_response_plan_activated': 'Yes (Fraudulent account '
'deactivated on Sept. 5, '
'2025)',
'recovery_measures': ['Notification to affected individuals '
'(Oct. 10, 2025)',
'Reporting to Maine Attorney General (Nov. '
'20, 2025)']},
'stakeholder_advisories': ['Written notices to affected individuals (Oct. 10, '
'2025)'],
'threat_actor': 'Unknown (Impersonator via Fraudulent Zendesk Account)',
'title': 'OncoHealth, Inc. Data Breach via Zendesk Phishing Incident',
'type': 'Data Breach (Phishing / Unauthorized Disclosure)',
'vulnerability_exploited': 'Human Error (Misaddressed Email)'}