Health Alliance Plan Discloses Data Breach: Social Security Numbers Exposed

On Oct. 24, 2025, Health Alliance Plan (HAP), a Michigan-based nonprofit health insurance provider, experienced a data breach impacting 1,059 individuals.

The incident began when an unauthorized person gained access to a HAP business email account through a phishing scheme. This allowed the attacker to potentially view emails containing protected health information (PHI) and personally identifiable information (PII) of some HAP members.

The exposed information may have included names, dates of birth, addresses, HAP ID numbers, and Social Security numbers.

The breach was officially reported to the U.S. Department of Health and Human Services on Dec. 22, 2025. HAP has also posted a public notice about the breach on its website.

HAP's response

To help those affected, HAP is offering two years of complimentary identity monitoring services. This resource is designed to help individuals detect and respond quickly to any misuse of their personal information.

Given that the breach occurred through a phishing attack, affected individuals should be especially cautious about suspicious emails or phone calls, monitor their financial accounts and credit reports for unusual activity and consider placing a fraud alert or security freeze on their credit files.

Anyone who believes they may have been impacted or who has questions about the breach can contact HAP’s dedicated call center for this incident at 888-406-8920, Monday through Friday, from 9 a.m. to 9 p.m. Eastern Time. The call center is operated by Epiq Solutions, a company specializing in privacy and cybersecurity incident response.