Think Big Health Care Solutions data breach exposes SSNs

On June 20, 2025, Think Big Health Care Solutions discovered suspicious activity involving an employee’s email account, which led to the identification of a data breach. The company, which provides healthcare consulting and practice management services, launched an investigation with the help of third-party cybersecurity specialists.

Early findings indicate that some emails and files were accessed by an unauthorized third party. While the forensic investigation is ongoing, Think Big Health Care Solutions has confirmed that a broad range of sensitive information may have been compromised.

The types of information potentially exposed in this breach are extensive and include both personally identifiable information (PII) and protected health information (PHI). The data at risk includes first and last names, Social Security numbers, Tax Identification numbers, passport numbers, addresses, dates of birth, admission dates, telephone and fax numbers, email addresses, web URLs, health insurance policy numbers, bank or financial account numbers, routing numbers, credit and debit card numbers (including CVV and expiration dates), diagnoses and medical conditions, lab results, medications, claims information, medical record numbers, other medical and health information, CPT codes and referring provider names.

The company is still in the process of identifying all affected individuals and will notify them by mail as more information becomes available. For full details, the official notice can be reviewed on the Think Big Health Care Solutions cybersecurity event notice page.

Think Big Health Care Solutions's response

In response to the breach, Think Big Health Care Solutions has taken several steps to enhance its security posture, including hiring a consulting Chief Information Officer to guide long-term cybersecurity strategy, developing new security policies and protocols, and implementing continuous compliance and education with best practices.

Additional technical measures have been put in place, such as enhanced threat detection solutions and tighter controls over password management, access controls and device usage. All staff are undergoing enhanced training on phishing prevention, secure data handling and incident response procedures to promote a security-first culture. Law enforcement has been notified of the incident.

For those affected, Think Big Health Care Solutions is offering free credit monitoring and identity protection services through HaystackID. Impacted individuals can enroll by calling 866-578-0345 and using the enrollment code provided in their notification letter. Enrollment is available for 90 days from the date of the notification letter.

For more information about the company, visit the Think Big Health Care Solutions website.