PDCM Insurance has experienced a data breach affecting both personally identifiable information (PII) and potentially protected health information (PHI). The breach was reported to be a ransomware attack caused by the cybercriminal group LOCKBIT 3.0, who posted details of the hack on the dark web Tor network.
PDCM disclosed the cybersecurity incident to the U.S. Department of Health and Human Services on June 27, 2025. Compromised information could include names, dates of birth, Social Security numbers, addresses, health insurance information, other insurance policy information, medical information and payment information.
The severity of the breach is heightened by the fact that the attackers have made public threats to release the data, increasing the risk of identity theft and fraud for affected individuals.
In addition to required federal and state disclosures, PDCM Insurance will work to identify and notify affected individuals with the data breach details.
If you believe your personal and protected health information may have been compromised in this breach:
For more information about the company and its services, visit the PDCM Insurance website.
A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.
This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.