Zelis Healthcare LLC, a provider of healthcare payment and cost management technology, suffered a data breach disclosed to the U.S. Department of Health and Human Services on August 12, 2025, affecting at least 4,289 individuals. The incident exposed personally identifiable information (PII) and protected health information (PHI), including names, contact details, dates of birth, Social Security numbers, driver’s license/state ID numbers, medical records, health insurance data, and payment card details (including CVV codes). The breach’s severity stems from the sensitive nature of the compromised data, which could enable identity theft, financial fraud, or medical fraud. Zelis Healthcare is notifying impacted providers and patients via mail and advising vigilance against phishing attempts. The exposure of health records and financial data elevates the risk of long-term harm to affected individuals, including potential misuse of medical identities for fraudulent claims or unauthorized access to healthcare services. Given the healthcare sector’s regulatory scrutiny (HIPAA) and the high-value targets (PHI/PII), the breach poses reputational, financial, and operational risks to Zelis, while patients face heightened vulnerability to cybercrime.
Source: https://www.claimdepot.com/data-breach/zelis-healthcare-2025
TPRM report: https://www.rankiteo.com/company/zelis
"id": "zel518090325",
"linkid": "zelis",
"type": "Breach",
"date": "8/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': 4289,
'industry': 'Healthcare Payment and Cost Management',
'name': 'Zelis Healthcare LLC',
'type': 'Healthcare Technology Provider'}],
'customer_advisories': 'Affected individuals advised to monitor accounts, '
'place fraud alerts, and report suspicious activity.',
'data_breach': {'data_exfiltration': True,
'number_of_records_exposed': 4289,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (includes SSNs, medical records, '
'and payment card details)',
'type_of_data_compromised': ['PII',
'PHI',
'Names',
'Contact Information',
'Dates of Birth',
'Social Security Numbers',
"Driver's License or State ID "
'Numbers',
'Medical Records',
'Health Insurance Information',
'Payment Information (card '
'numbers, CVV codes)']},
'date_publicly_disclosed': '2025-08-12',
'description': 'Zelis Healthcare LLC, a company that provides healthcare '
'payment and cost management technology for the healthcare '
'industry, experienced a data breach. The breach compromised '
'both personally identifiable information (PII) and, '
'potentially, protected health information (PHI). Exposed '
'information may include names, contact information, dates of '
"birth, Social Security numbers, driver's license or state ID "
'numbers, medical records, health insurance information, '
'payment information including payment card numbers and CVV '
'codes.',
'impact': {'brand_reputation_impact': 'Potential negative impact due to '
'exposure of sensitive healthcare and '
'personal data',
'data_compromised': ['Personally Identifiable Information (PII)',
'Protected Health Information (PHI)',
'Names',
'Contact Information',
'Dates of Birth',
'Social Security Numbers',
"Driver's License or State ID Numbers",
'Medical Records',
'Health Insurance Information',
'Payment Information (including payment card '
'numbers and CVV codes)'],
'identity_theft_risk': 'High (due to exposure of SSNs, payment '
'info, and PHI)',
'payment_information_risk': 'High (payment card numbers and CVV '
'codes exposed)'},
'investigation_status': 'Ongoing (disclosure phase; notifications being sent '
'to affected individuals)',
'recommendations': ['Monitor financial accounts and credit reports for signs '
'of identity theft.',
'Place fraud alerts or credit freezes with major credit '
'bureaus.',
'Be cautious of unsolicited emails or phone calls '
'requesting personal information (phishing risk).',
'Review notices from Zelis Healthcare or medical '
'providers for further instructions.'],
'references': [{'source': 'Claim Depot (via public disclosure summary)'},
{'source': 'Zelis Healthcare LLC Website'}],
'regulatory_compliance': {'regulations_violated': ['Potential HIPAA '
'violations (due to PHI '
'exposure)',
'State data breach '
'notification laws'],
'regulatory_notifications': ['U.S. Department of '
'Health and Human '
'Services (disclosed '
'on 2025-08-12)',
'State regulators (as '
'required by law)']},
'response': {'communication_strategy': 'Notification to impacted providers '
'and patients by mail, along with '
'state and federal disclosures (e.g., '
'to the U.S. Department of Health and '
'Human Services). Public advisory for '
'affected individuals to monitor '
'accounts, place fraud alerts, and be '
'cautious of phishing attempts.',
'incident_response_plan_activated': True},
'stakeholder_advisories': 'Providers and patients notified by mail; public '
'advisory issued for general awareness.',
'title': 'Zelis Healthcare LLC Data Breach',
'type': 'Data Breach'}