US HealthConnect has disclosed a data breach after discovering suspicious activity in its systems earlier this year, warning that an unauthorized actor may have accessed sensitive personal information.
According to Claim Depot, US HealthConnect Inc., a provider of healthcare education and digital media services, discovered a data breach on January 25, 2025, when suspicious activity was detected on its internal computer network. Subsequent investigation revealed that one or more unauthorized actors had gained access to certain systems housing sensitive personal data.
The breach may have exposed a variety of personally identifiable information (PII) and possibly health-/financial-related details. Among the categories of data potentially accessed are:
Related: What is the difference between PII and PHI?
US HealthConnect engaged external cybersecurity specialists to investigate the breach. The firm has begun notifying people by mail as of September 4, 2025, and is offering free credit monitoring services through Experian, as well as identity protection services. Regulatory disclosures were made to multiple state attorney general offices.
US HealthConnect is also reported to have reviewed and is enhancing its internal security, policies, and technical safeguards to help prevent future incidents.
In its official notice, US HealthConnect stated that on January 25, 2025, it “became aware of suspicious activity in its computer environment” and, with third-party cybersecurity specialists, confirmed that “an unauthorized actor gained access to certain systems and may have accessed certain information.”
The company stated, “We take this event and the security of information in our care seriously,” and noted that while there is “no indication of identity theft or fraud,” it is offering 24 months of free Experian credit monitoring and identity restoration services.
Affected individuals were urged to “remain vigilant against incidents of identity theft and fraud by reviewing your account statements and credit reports for suspicious activity” and were directed to a dedicated helpline and email address for support.
Although the full scale of the breach (in terms of the number of individuals affected) is not yet known, US HealthConnect’s own disclosures indicate that highly sensitive information was exposed. Individuals affected must remain vigilant, use any available credit or identity protection services, and closely monitor their financial and credit accounts.
See also: HIPAA Compliant Email: The Definitive Guide (2025 Update)
If the compromised systems contained protected health information (PHI) under HIPAA, it could trigger HIPAA reporting requirements. Regulators will determine whether violations occurred.
With Social Security numbers, dates of birth, and financial information exposed, risks include identity theft, credit fraud, unauthorized loans, and phishing scams.