







On Nov. 20, 2025, OncoHealth, Inc., a digital health company specializing in oncology-focused solutions, disclosed that it experienced a data breach resulting in the potential exposure of personally identifiable information (PII) and protected health information (PHI).
According to the notice, on Aug. 26, 2025, a fraudulent Zendesk account was mistakenly included in an email distribution sent to Humana Inc., a partner of OncoHealth for medical oncology prior authorizations. As a result, an email containing a file with protected health information (PHI) was inadvertently delivered to the impersonator’s email address as well as to the intended Humana employees.
The company discovered the breach on Sept. 4, 2025. Information potentially exposed in this incident included first and last name, date of birth, Humana identification number and authorization number. The exposure of both PII and PHI puts individuals at risk of identity theft and medical fraud. The company began notifying impacted individuals by mail on Oct. 10, 2025, and has since mailed follow-up notices.
OncoHealth disclosed the data breach to the Maine Attorney General's office on Nov. 20, 2025.
In response to the incident, OncoHealth has taken several steps to enhance its security and prevent similar events in the future. The company has strengthened internal controls, increased security awareness among staff and updated Zendesk system protections and training materials.
If you receive a notice from OncoHealth about this breach, you may want to:
