On January 28, 2025, Persante Health Care, a national provider of sleep and balance center management services, detected unusual activity on its network, triggering an immediate cybersecurity response.
An investigation, conducted with the help of external cybersecurity experts, determined that an unauthorized actor had gained access to Persante’s systems sometime between January 23 and January 28, 2025. On October 3, 2025, Persante concluded a comprehensive review of potentially affected files and determined that certain individuals’ sensitive personal and protected health information (PHI) may have been involved.
The types of compromised data may include, depending on the individual, names, dates of birth, Social Security numbers or other government-issued ID numbers, driver’s license or passport numbers, financial account or payment card numbers, medical service dates, medical record numbers, health insurance identifiers (including Medicare/Medicaid), medical diagnoses or treatment details, and in some cases biometric identifiers.
On November 26, 2025, Persante publicly disclosed the breach on its website and began mailing formal notification letters to individuals for whom it had valid address information, offering resources such as a toll-free call centre and complimentary identity-protection services.
According to ClassAction.org, “On January 28, 2025, the company discovered unusual network activity and took action to secure its systems. An investigation, aided by external cybersecurity experts, revealed unauthorized access to certain files, potentially affecting personal data.”
New Jersey saw several major healthcare sector incidents in 2024–2025, including HealthEC’s massive July 2024 analytics-platform breach affecting more than four million patients, Cooper Health System’s 2024 network intrusion disclosed in March 2025, and Central Jersey Medical Center’s August 2025 ransomware attack.
In the case of Persante, an intrusion was detected on January 28, 2025, and was later confirmed to involve PHI, financial identifiers, and government-issued IDs. The type of data involved, the multi-month investigation timeline, and the eventual public notice in November 2025 all mirror the operational and regulatory pressures facing New Jersey entities as the state enforces its new Data Privacy Act.
See also: HIPAA Compliant Email: The Definitive Guide (2025 Update)
Healthcare data carries a high black-market value because it contains complete identity profiles.
Organizations often detect breaches when they observe unusual network activity, receive alerts from security tools, discover unauthorized file access, or are notified by law enforcement or external threat researchers.
Review the letter carefully, enroll in any free credit-monitoring or identity-protection services, and monitor bank, credit, and insurance accounts for suspicious activity.