Recently, Persante announced that it had experienced a data breach in which sensitive personal identifiable information and protected health information in its care may have been compromised. According to the breach notice shared on its website, on or about January 28, 2025, Persante became aware of unusual activity in its network.1 As a result, Persante launched an investigation to determine the nature of the incident.
Through its investigation, Persante confirmed that sensitive personal information and protected health information in its systems may have been accessed and/or acquired by an unauthorized third party between January 23 and January 28, 2025. As a result, Persante began a review of the data to determine what information had been impacted as well as identify the specific individuals affected. While the information impacted varies depending on the individual, the type of information potentially exposed includes:
Name
Social Security number
Date of birth
Financial account number
Payment card numbers
Driver’s license number
State identification number
Passport number
Governmental identification number
Individual taxpayer identification number
Medical information (dates of medical service, physician or medical facility information, medical condition or treatment information, medical diagnosis information, Medicare or Medicaid number, patient account number, medical record number, medical device identifiers)
Individual health insurance policy number
Biom
Source: https://straussborrelli.com/2025/12/01/persante-health-care-data-breach-investigation/
Persante cybersecurity rating report: https://www.rankiteo.com/company/persante-health-care
"id": "PER1764634088",
"linkid": "persante-health-care",
"type": "Breach",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"{'incident': {'affected_entities': [{'customers_affected': None,
'industry': 'Healthcare',
'location': None,
'name': 'Persante',
'size': None,
'type': 'Organization'}],
'customer_advisories': 'Breach notice published on website',
'data_breach': {'data_encryption': None,
'data_exfiltration': 'Potential (accessed and/or '
'acquired by unauthorized '
'third party)',
'file_types_exposed': None,
'number_of_records_exposed': None,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally '
'Identifiable '
'Information (PII)',
'Protected Health '
'Information (PHI)',
'Financial '
'Information',
'Biometric Data']},
'date_detected': '2025-01-28',
'description': 'Persante announced a data breach where sensitive '
'personal identifiable information (PII) and '
'protected health information (PHI) may have been '
'compromised. Unusual network activity was '
'detected on January 28, 2025, prompting an '
'investigation. It was confirmed that an '
'unauthorized third party accessed and/or '
'acquired data between January 23 and January 28, '
'2025. The exposed information includes names, '
'Social Security numbers, financial details, '
'medical records, and biometric data.',
'impact': {'brand_reputation_impact': None,
'conversion_rate_impact': None,
'customer_complaints': None,
'data_compromised': ['Name',
'Social Security number',
'Date of birth',
'Financial account number',
'Payment card numbers',
'Driver’s license number',
'State identification number',
'Passport number',
'Governmental identification '
'number',
'Individual taxpayer '
'identification number',
'Medical information (dates of '
'service, physician/medical '
'facility info, medical '
'condition/treatment, diagnosis, '
'Medicare/Medicaid number, '
'patient account number, medical '
'record number, medical device '
'identifiers)',
'Individual health insurance '
'policy number',
'Biometric data'],
'downtime': None,
'financial_loss': None,
'identity_theft_risk': 'High (PII and PHI exposed)',
'legal_liabilities': None,
'operational_impact': None,
'payment_information_risk': 'High (financial account '
'and payment card numbers '
'exposed)',
'revenue_loss': None,
'systems_affected': None},
'initial_access_broker': {'backdoors_established': None,
'data_sold_on_dark_web': None,
'entry_point': None,
'high_value_targets': None,
'reconnaissance_period': None},
'investigation_status': 'Ongoing (review of impacted data and '
'affected individuals in progress)',
'post_incident_analysis': {'corrective_actions': None,
'root_causes': None},
'ransomware': {'data_encryption': None,
'data_exfiltration': None,
'ransom_demanded': None,
'ransom_paid': None,
'ransomware_strain': None},
'references': [{'date_accessed': None,
'source': 'Persante Breach Notice',
'url': None}],
'regulatory_compliance': {'fines_imposed': None,
'legal_actions': None,
'regulations_violated': None,
'regulatory_notifications': None},
'response': {'adaptive_behavioral_waf': None,
'communication_strategy': 'Breach notice published '
'on website',
'containment_measures': None,
'enhanced_monitoring': None,
'incident_response_plan_activated': True,
'law_enforcement_notified': None,
'network_segmentation': None,
'on_demand_scrubbing_services': None,
'recovery_measures': None,
'remediation_measures': None,
'third_party_assistance': None},
'threat_actor': 'Unauthorized third party',
'title': 'Persante Data Breach Involving Sensitive Personal and '
'Health Information',
'type': 'Data Breach'}}