1 min read

Miracle Ear data breach exposes personal and health information

Picture of Farah Amod Farah Amod Aug 28, 2025 11:30:00 PM

Healthcare cybersecurity news
miracle ear logo

A cybersecurity incident at Miracle Ear has compromised thousands of individuals’ personal and medical records across multiple states.

 

What happened

Health Services LLC, operating as Miracle Ear, disclosed a data breach after detecting suspicious activity on its network in January 2025. Investigators determined that attackers gained access between January 2 and January 28, potentially obtaining sensitive files. The breach was officially acknowledged in a Notice of Data Security Incident published on March 31, 2025.

 

Going deeper

The compromised data includes both personally identifiable information (PII) and protected health information (PHI). Impacted details range from names, Social Security numbers, and addresses to patient IDs, medical diagnoses, treatment details, and health insurance information such as policy and subscriber IDs.

The breach was reported to state regulators in Montana and Washington on August 12, 2025, with confirmed impact on over 13,088 individuals. Since Miracle Ear operates more than 1,600 locations nationwide, the total number of affected individuals may be significantly higher.

 

What was said

Miracle Ear has begun mailing notifications to affected individuals and established a dedicated response line for questions. The company has also advised impacted consumers to remain vigilant against fraud and has reminded them of available steps such as credit monitoring, fraud alerts, and phishing awareness.

 

FAQs

Why is medical identity theft considered especially dangerous?

Medical identity theft can result in false entries in health records, leading to incorrect diagnoses, denied insurance claims, or even inappropriate treatment for patients.

 

What is the role of state attorneys general in a breach like this?

State attorneys general enforce consumer protection laws and require companies to disclose breaches affecting their residents. They can also investigate whether companies took sufficient steps to secure data.

 

How do credit freezes differ from fraud alerts?

A credit freeze restricts access to your credit file, preventing new accounts from being opened, while a fraud alert flags your credit report and requires creditors to verify your identity before issuing credit.

 

 

Download the HIPAA compliant email checklist

Download the HIPAA compliant email checklist
Colorful cryptocurrency coins including Bitcoin and Ethereum on black background

Coinbase breach exposes insider threats extortion scheme

Picture of Tshedimoso Makhene Tshedimoso Makhene : May 23, 2025 5:10:44 AM

Coinbase has revealed a data breach involving bribed overseas support agents who leaked customer information. This incident resulted in an...

Healthcare cybersecurity news
Read More
Digital shield with keyhole on blue hexagonal technology background

Learning from recent email breaches

Picture of Tshedimoso Makhene Tshedimoso Makhene : Oct 15, 2024 3:52:22 PM

In recent months, four HIPAA-covered entities—Southern Bone & Joint Specialists, Connally Memorial Medical Center, Rim Country Health and...

Email security Healthcare cybersecurity news
Read More
episource logo

Episource data breach exposes health records of over 5 million patients

Picture of Farah Amod Farah Amod : Jun 23, 2025 7:00:48 PM

A cyberattack on a healthcare software firm has compromised sensitive medical and personal data linked to multiple US insurers and providers.

Healthcare cybersecurity news
Read More