A Medicare Advantage insurer has reported a cybersecurity incident involving personal and medical information tied to thousands of individuals.
What happened
Care N’ Care Insurance Company, a Medicare Advantage provider, reported a data breach affecting at least 32,452 Texas residents. The breach involved unauthorized access to systems containing both personally identifiable information (PII) and protected health information (PHI).
The compromised data includes names, addresses, dates of birth, Social Security numbers, health insurance details, and medical information. The breach was disclosed to the Texas Attorney General’s Office on October 7, 2025.
Going deeper
The incident has raised concerns due to the nature of the exposed information. A combination of Social Security numbers and medical data can enable both identity theft and medical fraud, where threat actors use stolen details to obtain care, prescriptions, or submit fraudulent claims.
While the full scope of the breach is still being determined, the current report only reflects Texas residents. It's not yet clear whether individuals in other states were also affected.
What was said
Care N’ Care has stated that it is complying with legal requirements by notifying affected individuals via mail. The company may also offer free credit monitoring or identity protection services, although these details have not been publicly confirmed.
The insurer has not commented on the root cause of the breach, whether it was a ransomware incident, or how the unauthorized access occurred.
The big picture
According to Paubox report data, the healthcare sector is marked by “severe system vulnerabilities and escalating financial risk,” with the average cost of a data breach “as high as $11 million”, the highest of any industry. The report noted that these risks are compounded by strict regulatory oversight, as the HHS Office for Civil Rights (OCR) warns that organizations must act proactively “and not wait for an incident to reveal long-standing HIPAA deficiencies.” Paubox also found that “31.1% of breached organizations” had multiple unresolved security gaps, showing how poor technical controls and weak enforcement continue to leave patient data exposed across the industry.
FAQs
What is Medicare Advantage, and how does it differ from traditional Medicare?
Medicare Advantage (Part C) is a private insurance alternative to traditional Medicare that often includes additional benefits like prescription drug coverage, vision, or dental services.
Why is health insurance data valuable to cybercriminals?
Health insurance information can be used in medical identity theft, which allows criminals to access services, prescriptions, or submit fraudulent claims in someone else’s name.
What legal obligations does an insurer have after a data breach?
Under HIPAA and state regulations, insurers must notify affected individuals, report the breach to authorities, and often offer remediation like credit monitoring.
How can someone affected by this breach protect themselves?
Affected individuals should monitor credit reports, watch for suspicious medical bills, and consider placing fraud alerts or freezes on their credit files.
What are the potential long-term effects for breach victims?
Beyond immediate identity theft, victims may face higher insurance premiums, denied claims, or years of financial clean-up due to fraudulent medical histories tied to their records.
Farah Amod
