Fresenius Kabi Data Breach Compromises Sensitive Personal and Health Information

Fresenius Kabi USA LLC, a healthcare company that manufactures lifesaving medicines and medical technologies for hospitals and clinics, disclosed a data breach involving employee information stored on a network tied to its subsidiary, Ivenix.

On Jan. 8, 2026, Fresenius Kabi became aware of a third party claiming to have accessed certain company data without authorization. The company launched an investigation to understand the incident.

The investigation determined that between Jan. 6 and Jan. 9, 2026, an unauthorized third party gained access to employee data on a network associated with Ivenix. The company's findings do not indicate that the third party actually downloaded any information from the network.

On April 29, 2026, the investigation concluded that the types of personal information that may have been accessed included names, contact information (such as addresses, phone numbers and email addresses), dates of birth, government identification information (such as Social Security numbers, driver's license numbers and passport information), financial account information and certain medical information.

The company mailed affected individuals notification letters on June 17, 2026, though the company had previously sent a preliminary alert to employees via work email on Feb. 3, 2026.

At this time, 285 Massachusetts residents have been identified as affected.

Fresenius Kabi's response to the breach

Fresenius Kabi is offering all potentially affected individuals 24 months of free credit monitoring and identity protection services through Experian IdentityWorks.

Affected individuals must enroll in the credit monitoring service by Sept. 30, 2026. Individuals can sign up online or contact Experian's customer care team at 833-745-2429, Monday through Friday from 9 a.m. to 9 p.m. Eastern Time, excluding major U.S. holidays.

Individuals can also reach Experian by email at experianidworks-support@experian.com.