US HealthConnect Inc., a healthcare education and marketing company, suffered a data breach discovered on January 25, 2025, involving unauthorized access to its internal network. The incident exposed personally identifiable information (PII) of an undetermined number of individuals, including names, dates of birth, Social Security numbers, driver’s license/state ID details, and financial account information.The breach was formally disclosed to the Massachusetts Attorney General’s office on September 4, 2025, with notifications sent to affected individuals the same day. The exposure of Social Security numbers and financial data heightens risks of identity theft and financial fraud. In response, US HealthConnect offered free Experian IdentityWorks credit monitoring and established a dedicated assistance line (833-931-9555) and email ([email protected]) for victim support.The compromised data’s sensitivity particularly financial and government-issued identifiers poses severe long-term threats to victims, including fraudulent account openings, loan applications, and targeted phishing schemes. The company’s delayed disclosure (nearly 8 months after detection) further exacerbates reputational and operational risks.
Source: https://www.claimdepot.com/data-breach/us-healthconnect-2025
TPRM report: https://www.rankiteo.com/company/us-healthconnect-inc.
"id": "us-0171301090625",
"linkid": "us-healthconnect-inc.",
"type": "Breach",
"date": "1/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 'Unknown number of individuals',
'industry': 'Healthcare Education and Marketing',
'name': 'US HealthConnect Inc.',
'type': 'Company'}],
'customer_advisories': ['Notification letters sent to impacted individuals '
'(2025-09-04)',
'Recommendations for credit monitoring, fraud alerts, '
'and phishing awareness'],
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 'Unknown',
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes SSNs and financial '
'details)',
'type_of_data_compromised': ['Personally identifiable '
'information (PII)',
'Names',
'Dates of birth',
'Social Security numbers',
"Driver's license/state ID "
'information',
'Financial information']},
'date_detected': '2025-01-25',
'date_publicly_disclosed': '2025-09-04',
'description': 'US HealthConnect Inc., a healthcare education and marketing '
'company, experienced a data breach where an unauthorized '
'actor accessed sensitive personal information on its internal '
'network. The breach exposed PII, including names, dates of '
"birth, Social Security numbers, driver's license/state ID "
'information, and financial details, increasing the risk of '
'identity theft and financial fraud.',
'impact': {'brand_reputation_impact': 'Potential reputational damage due to '
'exposure of sensitive PII',
'data_compromised': ['Personally identifiable information (PII)',
'Names',
'Dates of birth',
'Social Security numbers',
"Driver's license/state ID information",
'Financial information'],
'identity_theft_risk': 'High (due to exposure of SSNs and '
'financial details)',
'payment_information_risk': 'High (financial information exposed)',
'systems_affected': ['Internal network']},
'initial_access_broker': {'high_value_targets': ['Sensitive PII (SSNs, '
'financial data)']},
'investigation_status': 'Disclosed; investigation likely completed (as of '
'2025-09-04)',
'post_incident_analysis': {'corrective_actions': ['Credit monitoring services '
'for affected individuals',
'Public and individual '
'notifications']},
'recommendations': ['Sign up for free credit monitoring (Experian '
'IdentityWorks) offered by US HealthConnect.',
'Monitor credit reports and financial accounts for '
'unusual activity.',
'Be alert for phishing attempts using exposed '
'information.',
'Consider placing a fraud alert or credit freeze with '
'major credit bureaus.'],
'references': [{'source': 'US HealthConnect Data Breach Notification'}],
'regulatory_compliance': {'regulatory_notifications': ['Massachusetts '
"Attorney General's "
'office (disclosed '
'2025-09-04)',
'State and federal '
'disclosures (as '
'required)']},
'response': {'communication_strategy': ['Public disclosure to Massachusetts '
"Attorney General's office "
'(2025-09-04)',
'Direct notification to affected '
'individuals (2025-09-04)',
'Dedicated assistance line '
'(833-931-9555, Mon-Fri 8:00 '
'a.m.–8:00 p.m. CT)',
'Email support '
'([email protected])'],
'incident_response_plan_activated': True,
'remediation_measures': ['Notification to impacted individuals',
'Offer of free Experian IdentityWorks '
'credit monitoring']},
'stakeholder_advisories': ['Dedicated assistance line (833-931-9555)',
'Email support ([email protected])'],
'threat_actor': 'Unauthorized actor',
'title': 'US HealthConnect Inc. Data Breach',
'type': 'Data Breach'}