VITAS Hospice Services Data Breach Exposes Patient Social Security Numbers

VITAS Hospice Services, part of the Vitas Health network, experienced a data breach that exposed sensitive information belonging to patients, former patients, and in some cases, their family members. The incident occurred after an unauthorized party compromised the account of a third-party vendor and used that access to infiltrate VITAS systems between Sept. 21, 2025, and Oct. 27, 2025.

The breach was discovered on Oct. 24, 2025, prompting VITAS to secure its systems and launch an internal investigation with the help of outside cybersecurity experts. According to the disclosure filed with the California Attorney General’s office, the attackers were able to access and download a range of personal and health information.

The exposed data varies by individual but may include names, email addresses, Social Security numbers, passport IDs, bank account numbers, debit card numbers, driver’s license numbers, medical IDs, phone numbers, medical record numbers, Medicare Beneficiary Identifier ID numbers, health savings account information, International Classification of Disease (ICD) codes, and National Provider Identifier numbers.

Personally identifiable information (PII) such as Social Security numbers, driver’s license numbers, and financial account details were compromised, alongside protected health information (PHI) like medical record numbers, medical IDs, ICD codes, and Medicare IDs.

VITAS Hospice Services’ response

Given the sensitivity of the data, the company is offering affected individuals complimentary credit monitoring and identity protection services for 24 months through Epiq. These services include one-bureau credit monitoring, Social Security number monitoring, dark web monitoring, change of address monitoring, credit freeze assistance, identity restoration, lost wallet assistance, up to $1 million in identity theft insurance, and monitoring for healthcare IDs, medical record numbers, ICD codes, National Provider Identifier numbers, and health savings account information.

Individuals who receive a notification are encouraged to enroll in the provided credit and identity monitoring services as soon as possible. In addition, affected persons should remain vigilant by reviewing account statements and credit reports for suspicious activity, consider placing a fraud alert or security freeze on their credit files, and report any suspected identity theft to law enforcement or the Federal Trade Commission.

The company’s call center is available for questions at 855-403-1586, Monday through Friday, 9 a.m. to 9 p.m. Eastern Time, excluding U.S. holidays.