Included Health Data Breach Exposes PHI

Virtual care company, Included Health, experienced a data breach that has raised concerns among its users. According to a disclosure made to the Massachusetts Attorney General's office on February 13, 2025, the breach affected 3 individuals in the state.

The breach involved unauthorized access to sensitive medical records, which is a serious concern given the nature of the information exposed.

The breach was reported to have occurred due to a security vulnerability that allowed unauthorized individuals to access the company's systems. While the exact details of how the breach occurred are not fully disclosed, it is clear that the breach involved the compromise of personal health information, which is protected under strict privacy regulations.

Included Health's Response

In response to the breach, Included Health has taken several steps to address the situation and mitigate any potential harm to those affected. The company has been working closely with cybersecurity experts to investigate the breach and enhance their security measures to prevent future incidents.

While specific resources provided to affected individuals have not been publicly disclosed yet, it is common for companies in such situations to offer credit monitoring services and identity theft protection.

For those who may have been affected, it is advisable to monitor your medical and financial records closely for any unusual activity. If you notice any discrepancies, report them immediately to the relevant authorities and consider contacting Included Health for further assistance. It's also a good practice to update your passwords and ensure that your personal information is protected by enabling two-factor authentication where possible.