Medical Breaches Happen Often. Here’s How to Prepare
Summary:
Healthcare data breaches are alarmingly common, and they pose an elevated privacy threat due to the value and sensitivity of the personal data involved. Here’s an overview of the problem as well as steps you can take to protect yourself from medical identity theft.
One recent healthcare breach may have exposed millions of Social Security numbers

When a company suffers a data breach, the outcome can be bad for consumers. When the breach is healthcare-related—affecting patients or insurance policyholders—it can be devastating.
Based on HHS data as reported in The HIPAA Journal, nearly 62 million people had their protected health information exposed or impermissibly disclosed in 2025. According to Security Today, more than 2,200 U.S. healthcare centers have reported breaches since 2023.
Apart from providers, hospitals, and insurers, breaches can also hit healthcare vendors. In one recent example, a massive breach of TriZetto Provider Solutions—a provider of claims management and billing services for the healthcare industry—compromised personal and health insurance information for more than 3.4 million people. The exposed data may have included names, addresses, dates of birth, Social Security numbers, and insurance ID numbers.
Why healthcare breaches are especially serious
The impact of a healthcare-related breach can be far more acute, complex, and longer-lasting than that of other types of breaches. This is because a person’s healthcare file contains extremely sensitive details about their well-being and identity, and could include confidential financial information. Breaches like the one at TriZetto, involving not just publicly available data but private information like Social Security numbers, are particularly dangerous.
If your protected health information (PHI)—such as your Social Security number, medical history, prescriptions, financial details, and insurance policy information—has been exposed in a healthcare breach, the long-term threat to your privacy and identity could include:
Increased risk of identity theft and medical or insurance fraud. Cybercriminals could use your personal and financial information to impersonate you and file false claims in your name, leaving you stuck with undeserved medical bills and potentially destroying your credit. You could also wind up paying the price in terms of fines, legal action, or loss of insurance coverage. Meanwhile, fraudsters could sell your data to the highest bidder on the dark web.
Increased risk of scams and denial of care. Bad actors could use stolen medical records to misrepresent your health status, potentially causing you to be denied proper care or receive incorrect treatments. They might even use your health details against you as part of a coercion or blackmail campaign, or in phishing campaigns where they reach out with fake offers of free treatments or benefits for your medical condition.
Potential denial of access to your medical records. Privacy laws require healthcare providers to keep everyone’s medical information private, including that of fraudsters. This means if you contact your provider and tell them an imposter’s information may have gotten into your medical records, they might deny access to those records simply because a second person’s identity may be involved.
Mental and emotional anguish. If intimate details about your health and well-being have been exposed, it might lead to feelings of fear, distrust, and anxiety. If you lose trust in your medical providers, you might start to avoid medical care, which could affect your long-term health.
How to protect yourself against medical data breaches
Because healthcare data breaches can happen at any time, it’s best to take day-to-day preventive measures that can limit damage should one occur. Here are some tips:
Always be vigilant for signs of medical identity theft: bills for services you never received, collection notices about medical debts you don’t recognize, or unexpected notices that you’ve reached your insurance plan limit or been denied coverage.
Never share information about your medical benefits or insurance with anyone other than your medical provider.
Never give out your Social Security number to medical providers. It should never be used as a medical ID number.
When using an online patient portal, choose a strong password and change it often. Add multifactor authentication to the account, which creates a second layer of protection. Never share your login credentials with anyone else.
Carefully review Explanation of Benefits (EOB) statements from your medical insurer. Look for any unusual charges or activity, and notify the insurer right away if something seems suspicious.
Breaches often occur within healthcare-related apps. Before you use any healthcare app, research the company and its safety reputation, and check the privacy policy to see how the company will protect your sensitive information.
If you lose your medical ID card, it could fall into the wrong hands. Be extremely careful with your card, and never share it. For better protection, store the information digitally in a password manager tool.
What to do if your information may have been exposed
If you receive a notification letter or hear news about a data breach affecting one of your medical providers, it’s time to kick your protective measures up a notch.
Ask your healthcare insurer to have your account number changed if possible.
Immediately change the passwords for any online health portals you use.
Request a copy of your medical records from each of your providers—this way you’ll have an accurate record on hand in case a fraudster’s information ends up in your file.
Check EOBs from your insurers even more closely than usual.
If you’ve stored payment information in a health portal, this data could be at risk. Ask your bank and credit card issuers to put alerts on your accounts, even if your medical provider claims financial information was not involved in the breach.
Check your credit score and credit reports carefully, especially for any sign of fraudulent medical debts, on an ongoing basis.
Consider getting comprehensive identity protection coverage such as the IDX Complete Plan. It includes guaranteed identity recovery and dark web monitoring that alerts you if your personal information (including medical data) is being traded by cybercriminals.
What to do if you suspect medical identity theft
If you believe you’ve been victimized by medical identity theft, it’s imperative that you get your records corrected and immediately begin the process of recovering your identity.
Get hold of your medical records. If you haven’t already done so, contact your provider for a full copy of your records so that you can review them for accuracy and request corrections if needed. Avoid mentioning fraud or theft in your request because, as mentioned earlier, a medical provider might deny access if they believe another person’s data is involved.
Reach out to your medical provider’s billing department. Medical identity theft often results in unwarranted debt or fraudulent claims for medical services. If you’ve discovered an unusual debt, contact your provider’s billing department and ask them to confirm things like the dates of service, the facility where services were provided, and the doctor and medical code involved.
Notify your healthcare insurer. Additionally, if you discover fraudulent charges or claims involving Medicare or Medicaid coverage, file a report online or call 800-HHS-TIPS.
Notify the authorities. File an Identity Theft Report with the Federal Trade Commission. If you receive phishing messages or calls that may involve your stolen medical information, report them to the FBI’s Internet Crime Complaint Center.
Keep watching your credit score and credit reports. Look for further signs of fraudulent medical debts, and keep checking EOBs for unusual claims.
Start reclaiming your identity. The FTC offers helpful resources at its IdentityTheft.gov website for anyone choosing to begin the identity recovery process on their own. But note that it can be a long and stressful process. As an alternative, you can call upon a dedicated recovery team like the one available through the IDX Complete Plan. They’ll work on your behalf to help ensure your identity is fully restored.