Insightin Health Data Breach Exposes 378GB of PII and PHI

Insightin Health, a healthcare technology company specializing in AI-powered solutions for health insurers and payers, recently experienced a significant data breach that may affect members of its client organizations, including Martin's Point Health Care.

The incident was first detected in September 2025, when Insightin Health identified suspicious activity within its networked environment. A third-party application’s previously unknown vulnerability was exploited by an unauthorized actor, allowing access to certain files stored on a limited number of servers between Sept. 17, 2025, and Sept. 23, 2025.

A thorough forensic investigation revealed that files potentially accessed or copied by the unauthorized party contained a range of sensitive information.

The exposed data included member names, dates of birth, non-unique identifiers assigned by health insurance providers, contract numbers, Medicare Beneficiary Identifiers, and information associated with attributed providers.

The attack was linked to the MEDUSA ransomware group, which claimed responsibility on Sept. 26, 2025, via a posting on the Tor network. MEDUSA asserted they had obtained 378 GB of Insightin Health’s data and threatened to publish it within 23 to 24 days if their demands were not met.

The breach was officially disclosed to the California Attorney General, the Texas Attorney General, the Vermont Attorney General, and the Washington Attorney General. The company has also posted a notice on its website.

The total number of individuals affected is unknown, however, at least 143,346, previously 487, Texas residents and 11,740 Washington residents have been affected.

Insightin Health's response

For those affected, Insightin Health is offering complimentary access to twelve months of credit monitoring and identity protection services through Cyberscout, a TransUnion company.

Impacted individuals are encouraged to enroll in these services within ninety days of receiving their notification letter. Details on how to enroll are included in the notice to consumers, which is available at the bottom of this page in PDF format.

It is recommended to review account statements, monitor free credit reports, and consider placing a fraud alert or credit freeze with the major credit bureaus.

The company’s notice provides further guidance and contact information for assistance.