Pivot Health Data Breach Exposes Sensitive Information of Over 1,100 Texas Residents
Pivot Health, a tech-driven insurance provider specializing in short-term medical and supplemental health plans, confirmed a data breach after detecting suspicious activity in its Amazon Web Services (AWS) environment on March 13, 2026. A forensic investigation revealed that an unauthorized actor accessed the system between February 26 and March 13, 2026, viewing or copying sensitive data.
The exposed information includes names, dates of birth, health insurance details, billing and payment records, identification numbers, coverage dates, and financial account information. Pivot Health conducted a review to identify affected individuals and notified them via mail and a website notice. The breach was reported to the Texas Attorney General, with 1,172 Texas residents confirmed as impacted.
Pivot Health, founded in 2015, operates as a subsidiary of HealthCare.com, the largest privately owned U.S. health insurance comparison platform. The company offers short-term medical plans, dental and vision coverage, and supplemental indemnity products.
Legal firms, including Shamis & Gentile P.A., are investigating potential compensation claims for affected individuals. No further details on the attacker’s identity or motives have been disclosed.
Source: https://www.claimdepot.com/investigations/pivot-health-data-breach-2026
Pivot Health by Healthcare.com cybersecurity rating report: https://www.rankiteo.com/company/pivothealth
Pivot Health Inc cybersecurity rating report: https://www.rankiteo.com/company/pivot-health-inc
"id": "PIVPIV1778783612",
"linkid": "pivothealth, pivot-health-inc",
"type": "Breach",
"date": "2/2026",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'customers_affected': '1,172 Texas residents',
'industry': 'Health Insurance',
'location': 'United States',
'name': 'Pivot Health',
'type': 'Insurance Provider'}],
'attack_vector': 'Unauthorized access to AWS environment',
'customer_advisories': 'Mail and website notice to affected individuals',
'data_breach': {'data_exfiltration': 'Viewed or copied',
'number_of_records_exposed': '1,172',
'personally_identifiable_information': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Names',
'Dates of birth',
'Health insurance details',
'Billing and payment records',
'Identification numbers',
'Coverage dates',
'Financial account information']},
'date_detected': '2026-03-13',
'description': 'Pivot Health, a tech-driven insurance provider specializing '
'in short-term medical and supplemental health plans, '
'confirmed a data breach after detecting suspicious activity '
'in its Amazon Web Services (AWS) environment. An unauthorized '
'actor accessed the system between February 26 and March 13, '
'2026, viewing or copying sensitive data, including names, '
'dates of birth, health insurance details, billing and payment '
'records, identification numbers, coverage dates, and '
'financial account information. The breach was reported to the '
'Texas Attorney General, with 1,172 Texas residents confirmed '
'as impacted.',
'impact': {'data_compromised': 'Sensitive personal and health information',
'identity_theft_risk': 'High',
'payment_information_risk': 'High',
'systems_affected': 'Amazon Web Services (AWS) environment'},
'investigation_status': 'Ongoing',
'references': [{'source': 'Texas Attorney General'}],
'regulatory_compliance': {'legal_actions': 'Potential compensation claims '
'under investigation by Shamis & '
'Gentile P.A.',
'regulatory_notifications': 'Reported to Texas '
'Attorney General'},
'response': {'communication_strategy': 'Mail and website notice to affected '
'individuals',
'third_party_assistance': 'Forensic investigation'},
'title': 'Pivot Health Data Breach Exposes Sensitive Information of Over '
'1,100 Texas Residents',
'type': 'Data Breach'}