Conifer Data Breach Exposes Sensitive Pediatric Patient Data

On Aug. 28, 2025, Conifer Value-Based Care, LLC, a business line within Conifer Health Solutions that provides administrative services to healthcare providers and plans, discovered that an unauthorized third party had gained access to an employee’s Microsoft Office 365-hosted business email account. The information exposed in this breach may have included personally identifiable information (PII) as well as protected health information of pediatric patients, their parents and guarantors.

The unauthorized access occurred on Aug. 28 and Aug. 29, 2025. Importantly, the compromised email account was separate from Conifer’s internal network and systems, which were not affected by this incident. Exposed information includes name, date of birth, medical information and health insurance details.

Upon learning of the breach, Conifer immediately took steps to contain the threat and launched a comprehensive investigation. The review process, completed Nov. 10, 2025, identified individuals whose information may have been exposed. On Nov. 14, 2025, Conifer notified affected providers and health plans. The process of verifying and locating addresses for potentially affected individuals was completed by Dec. 5, 2025.

The exact details of the comprised information varies by person, but it could be significant. This incident was officially disclosed to the California Attorney General on Dec. 18, 2025. The company has also posted a Notice of Data Breach on its dedicated website.

Conifer Value-Based Care's response

Conifer responded quickly by containing the threat and initiating a thorough investigation. They have enhanced security controls and monitoring practices to help prevent similar incidents in the future. The company has also worked closely with providers and health plans to identify and notify affected individuals.

If you receive notification from Conifer or your provider about this breach, you may want to:

• Sign up for the free IDX identity theft protection services, offered by Conifer.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

Impacted individuals can call 1-833-781-8318 for additional information and support.