TrueRCM Data Breach Exposes Info of 1,247 Individuals

TrueRCM, a Rapid Care Transcription company headquartered in Arlington Heights, Illinois, disclosed a data breach that affected approximately 1,247 individuals in the United States.

TrueRCM detected the incident on or about Nov. 24, 2025, and began sending notification letters dated March 13, 2026.

Affected individuals' information was in TrueRCM's care as a result of the medical billing services it provides to healthcare clients, including Comprehensive Rehab Consultants LLC.

The breach was reported to the U.S. Department of Health and Human Services on Jan. 20, 2026, and to the Massachusetts Office of Consumer Affairs and Business Regulation on March 19, 2026, with 21 Massachusetts residents identified as affected. The company also posted a notice about the incident on its website.

What happened in the TrueRCM data breach

According to the company's notification letter, an unauthorized third party gained access to TrueRCM's network environment. The incident caused systems and servers to become inoperable for a limited time.

The investigation, which the company stated remains ongoing, determined that on Nov. 21, 2025, the unauthorized party acquired certain personal information from the network. This means the attacker had access to the company's systems before the breach was detected three days later.

The personally identifiable information (PII) potentially exposed included first and last name, address, date of birth, Social Security number, driver's license number and state ID number.

Protected health information (PHI) potentially exposed included admission date, diagnosis information, care provider names and treatment facilities.

The types of information affected were different for each individual, and not every person had all elements exposed. The company also noted that claims data, credit card numbers and other financial information were not exposed as a result of the incident.

TrueRCM's response to the breach

Because the breach involved sensitive information such as Social Security numbers, driver's license numbers and medical records, TrueRCM is offering affected individuals 24 months of free credit monitoring, credit report and credit score services through Cyberscout, a TransUnion company specializing in fraud assistance and remediation.

These services send same-day alerts when changes occur to a person's credit file. The company is also providing proactive fraud assistance to help individuals with questions or in the event they become a victim of fraud.

Affected individuals can enroll in the free monitoring services by visiting Cyberscout's enrollment page and entering the unique code included in their notification letter. Enrollment must be completed within 90 days of the date of the letter.

For questions about the incident, TrueRCM has set up a dedicated help line at 1-800-405-6108, available Monday through Friday from 8 a.m. to 8 p.m. ET, excluding holidays. The help line will be available for 90 days from the date of the notification letter.

Steps to take if your information was exposed

• Place a fraud alert or credit freeze with Equifax (1-888-298-0045), Experian (1-888-397-3742) and TransUnion (1-800-916-8800) to help prevent unauthorized accounts from being opened.
• Request free credit reports at AnnualCreditReport.com and review them carefully for any unfamiliar accounts, inquiries or changes.
• Monitor health insurance statements for any services, treatments or claims that were not actually received, as medical information was involved in this breach.
• Check driver's license records with your state motor vehicle agency for any signs of misuse, since driver's license and state ID numbers were among the types of information potentially exposed.
• Watch for phishing attempts that reference TrueRCM, Rapid Care Transcription or this data breach by name, as scammers may try to use the incident to trick people into sharing more personal information.
• Report suspected identity theft to the Federal Trade Commission at IdentityTheft.gov or by calling 1-877-438-4338, and file a report with local law enforcement if fraudulent activity is detected.