Veradigm Data Breach Exposes Thousands of SSNs and Medical Records

Published

September 23, 2025

Updated

September 23, 2025

Veradigm

Types of INFORMATION affected

Names
Social Security Numbers
Dates of Birth
Addresses
Government IDs
Medical Info
Financial Info

On July 1, 2025, Veradigm , a national healthcare technology provider, discovered a significant data breach affecting at least tens of thousands of individuals across the United States.

An investigation revealed that the cybersecurity incident, involving unauthorized access to a storage account containing sensitive patient data, took place around Dec. 15, 2024.

The types of information exposed included names, contact information, dates of birth, Social Security numbers, driver's license numbers, health insurance information, medical records including diagnoses, medications, test results and treatments and payment details.

The total number of individuals affected has not been released but includes tens of thousands of patients from multiple healthcare practices. Veradigm began notifying impacted medical practices and their patients by mail on Sept. 22, 2025.

Veradigm disclosed the breach to various state agencies beginning on Sept. 22, 2025, including the Massachusetts, South Carolina and Texas Attorney Generals' offices.

The state specific disclosures note that there have been 41,523 Texans affected, 23,491 South Carolina residents and 202 in Massachusetts. residents affected by the breach.

The breach is considered severe due to the combination of data types exposed, which can be used for identity theft and insurance fraud.

Veradigm's response

In response to the breach, Veradigm engaged cybersecurity experts to conduct a thorough review of the impacted storage account. In addition to required state and federal disclosures, the company is offering free Experian IdentityWorks credit monitoring services to all impacted indivuals.

If you receive a notice from Veradigm or your provider about this breach, you may want to:

Sign up for the free credit monitoring services, provided by the company.
Monitor your credit reports and financial accounts for any unusual activity.
Be alert for phishing emails or phone calls that may use your exposed information.
Consider placing a fraud alert or credit freeze with major credit bureaus.

Protect Your Data

A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.

This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included and no extra cost for those who sign up for one or two years.