A cybersecurity incident at Miracle Ear has compromised thousands of individuals’ personal and medical records across multiple states.
Health Services LLC, operating as Miracle Ear, disclosed a data breach after detecting suspicious activity on its network in January 2025. Investigators determined that attackers gained access between January 2 and January 28, potentially obtaining sensitive files. The breach was officially acknowledged in a Notice of Data Security Incident published on March 31, 2025.
The compromised data includes both personally identifiable information (PII) and protected health information (PHI). Impacted details range from names, Social Security numbers, and addresses to patient IDs, medical diagnoses, treatment details, and health insurance information such as policy and subscriber IDs.
The breach was reported to state regulators in Montana and Washington on August 12, 2025, with confirmed impact on over 13,088 individuals. Since Miracle Ear operates more than 1,600 locations nationwide, the total number of affected individuals may be significantly higher.
Miracle Ear has begun mailing notifications to affected individuals and established a dedicated response line for questions. The company has also advised impacted consumers to remain vigilant against fraud and has reminded them of available steps such as credit monitoring, fraud alerts, and phishing awareness.
Medical identity theft can result in false entries in health records, leading to incorrect diagnoses, denied insurance claims, or even inappropriate treatment for patients.
State attorneys general enforce consumer protection laws and require companies to disclose breaches affecting their residents. They can also investigate whether companies took sufficient steps to secure data.
A credit freeze restricts access to your credit file, preventing new accounts from being opened, while a fraud alert flags your credit report and requires creditors to verify your identity before issuing credit.