Nova Biomedical Data Breach Affects 10k Users

Nova Biomedical Corp., a global leader in medical device manufacturing and diagnostics, experienced a data breach on July 22, 2025, affecting tens of thousands of individuals across the United States.

According to official disclosures, an unauthorized actor accessed Nova’s electronic infrastructure and deployed malware, compromising portions of the company’s systems. The breach was discovered on Dec. 18, 2025, after which Nova launched an investigation with the help of leading cybersecurity experts and coordinated with law enforcement.

Through a comprehensive review and analysis of the impacted data, Nova determined that personally identifiable information (PII) may have been affected, specifically credit and debit numbers, driver's licenses, financial account informations, medical records, and Social Security numbers.

According to the data breach disclosures of Maine Attorney General and Massachusetts Office of Consumer Affairs and Business Regulation, a total of 10,764 individuals in the United States were affected, including 5,407 Massachusetts residents and eight Maine residents. The company also filed a notice with the Vermont Attorney General.

Nova notified affected consumers by written notice on Jan. 27, 2026, and posted a notice of the incident on its website.pdf).

Nova Biomedical's response

To support those impacted, Nova is offering complimentary access to Experian IdentityWorks for 24 months. This service includes credit monitoring, identity restoration support, daily Experian credit reports for online members, and up to $1 million in identity theft insurance.

Affected individuals are encouraged to enroll by April 30, 2026, using the instructions provided in the notification letter.

Identity restoration services are available for 24 months whether or not individuals enroll in credit monitoring.

Given the method of the breach, affected individuals should remain vigilant. Nova recommends the following steps:

• Monitor online accounts, financial statements and health insurance explanations of benefits for unauthorized activity
• Place a 90-day or extended fraud alert on credit files with major credit bureaus (Equifax, Experian, TransUnion)
• Consider placing a security freeze on credit reports to prevent new credit from being opened in their name
• Order free annual credit reports and review them for discrepancies
• Be alert for phishing emails or suspicious communications
• Report suspected identity theft to law enforcement and relevant authorities