Solventum Data Breach Affects Exposes PHI and PII of Patients

Solventum, an American healthcare company that provides technology services to hospital systems, disclosed a data breach in late March 2026 that involved patient information from hospitals it serves. Solventum posted a substitute notice on its website informing affected individuals about the incident.

On March 29, 2026, an unauthorized party gained access to limited systems and data related to some Solventum customers and their patients. Solventum's Health Information Systems division provides services to many hospital systems that involve access to and use of patient information.

Upon learning of the breach, the company initiated an investigation and engaged outside forensic experts to help assess the nature and scope of the incident.

On April 19, 2026, a threat actor known as SeraphimGroup claimed responsibility for the breach in a posting on the open web. The group alleged that it had breached data from Solventum.

The types of information confirmed to have been exposed included both personally identifiable information and protected health information such as first and last name, address, dates of birth, medical record numbers, medical history and diagnoses.

The total number of individuals affected in the United States has not been publicly disclosed at this time.

Solventum's response to the breach

Solventum provided affected individuals with recommendations on monitoring their health and financial accounts for any suspicious activity. The company directed those with questions to contact IDX, which is managing inquiries on behalf of Solventum related to the incident.

Affected individuals who have questions about the breach can call 1-855-830-9403. IDX representatives are available to assist Monday through Friday from 9 a.m. to 9 p.m. Eastern Time.