Artemis Healthcare Data Breach Impacts 45k, Exposing Sensitive Patient Info

Artemis Healthcare is a company specializing in healthcare data analytics and benefits optimization who recently experienced a ransomware attack. This breach compromised sensitive information belonging to 45,867 individuals in the United States.

The incident was first detected on May 31, 2025, when Artemis discovered suspicious activity on its network. An investigation revealed that unauthorized access had occurred between May 5 and May 31, 2025, during which a ransomware group known as Crypto24 infiltrated the company’s systems.

The attackers gained access to Artemis Healthcare’s network and, according to the company, may have exfiltrated files containing a range of sensitive consumer information. On July 16, 2025, the ransomware group posted about the breach on the Tor network, signaling their intent to publicize or monetize the stolen data.

Names are the only confirmed data type. The breach may have also included personally identifiable information (PII) such as Social Security numbers, and protected health information (PHI) related to healthcare services.

Artemis Healthcare completed its forensic investigation on Sept. 12, 2025, and began notifying affected individuals shortly thereafter. The breach was officially disclosed to the Vermont Attorney General and reported to the U.S. Department of Health and Human Services.

Artemis Healthcare’s response

Following the discovery of the attack, Artemis Healthcare took steps to secure its systems, including force-changing passwords and terminating active sessions. The company engaged third-party forensic specialists to investigate the breach, determine its scope, and prevent further unauthorized access.

Artemis Healthcare has since reviewed its internal security policies and procedures and is providing additional training for employees to reduce the risk of future incidents.

For those affected, Artemis Healthcare has established a toll-free assistance line at 1-844-990-2040, available Monday through Friday from 9 a.m. to 9 p.m. Eastern time, excluding U.S. holidays.

The company encourages all individuals to remain vigilant by monitoring account statements and credit reports for suspicious activity. Given the nature of the ransomware attack and the types of data exposed, individuals should take immediate action to safeguard their identities