True RCM Data Breach Affects 1,247 Individuals in US

On Jan. 20, 2026, True RCM, a Rapid Care Transcription, Inc., Company, disclosed a data breach to the U.S. Department of Health and Human Services affecting 1,247 individuals in the United States.

While the specific technical details of the breach have not been made public, the disclosure indicates that sensitive data held by the company was accessed or exposed without authorization.

The types of information exposed have not been explicitly listed in public filings, but given True RCM’s role as a revenue cycle management provider for healthcare organizations, it is likely that both PII and PHI were involved. This may include names, addresses, dates of birth, medical billing details, insurance information, and possibly Social Security numbers or clinical data, though this has not been confirmed.

True RCM's response

In response to the breach, True RCM has notified federal authorities as required by law and has begun the process of informing affected individuals.

At this time, there is no public information detailing the specific steps the company has taken to contain the breach or prevent future incidents. Typically, in cases like this, companies work to secure their systems, investigate the cause of the breach, and implement additional safeguards.

Those affected should remain vigilant for signs of identity theft or misuse of their medical or personal information. It is advisable to monitor credit reports, review medical statements for unfamiliar activity, and consider placing a fraud alert or credit freeze with major credit bureaus.

If any suspicious activity is detected, individuals should contact their healthcare provider and financial institutions immediately.