Sermo Data Breach Impacts 2,674: Exposes SSNs

Sermo, a leading healthcare professional platform operated by WorldOne Inc., recently experienced a data breach that has impacted 2,674 individuals across the United States, including 5 in Maine. The breach was discovered on April 10, 2024, following a power outage at Sermo’s data center in Denmark.

The unauthorized access to Sermo’s network environment began on March 19, 2024, and continued until April 10, 2024. The ransomware group Black Basta publicly claimed responsibility for the outage, listing Sermo’s parent company on its leak site and, on April 17, 2024, posting stolen data online.

Downloading and reviewing the compromised data proved challenging, as Sermo was only able to retrieve the full dataset by Sept. 20, 2024, due to the slow leak site. The leak site itself was taken down on Jan. 27, 2025.

Adding to the complexity, the MEDUSA ransomware group also claimed responsibility for a related attack, stating on July 1, 2025, that they had obtained organization data and intended to publish it on the Tor network within 10 to 11 days.

A detailed review of the downloaded files identified that the personally identifiable information was exposed, including first and last names and Social Security numbers.

The breach was reported to the Maine Attorney General on Feb. 9, 2026, and affected individuals were notified in writing on the same date.

Sermo's response

In response to the breach, Sermo secured its network environment and engaged cybersecurity professionals to conduct a thorough investigation. The company reviewed and updated its security policies and implemented additional safeguards to help prevent future incidents.

For those affected, Sermo is offering 12 months of complimentary identity monitoring services through Kroll. These services include credit monitoring, fraud consultation, and identity theft restoration. Affected individuals were provided with written notification and instructions on how to enroll in these services, as well as access to a dedicated assistance line for questions.

Given the nature of the breach, it is important for affected individuals to remain vigilant by monitoring credit reports and financial accounts for any suspicious activity. Placing a fraud alert or credit freeze with the major credit bureaus is also recommended.

The notification letter includes detailed steps and contact information for TransUnion, Experian and Equifax, as well as resources from the Federal Trade Commission and state attorneys general.