VITAS Hospice Services Data Breach Exposes Patient Info of 319,177

VITAS Hospice Services, part of the Vitas Health network, experienced a data breach that exposed sensitive information belonging to patients, former patients, and in some cases, their family members.

According to the VITAS Data Security Incident Notice, the incident occurred after an unauthorized party compromised the account of a third-party vendor and used that access to infiltrate VITAS systems between Sept. 21, 2025, and Oct. 27, 2025.

The breach was discovered on Oct. 24, 2025, prompting VITAS to secure its systems and launch an internal investigation with the help of outside cybersecurity experts. According to the notice, the attackers were able to access and download a range of personal and health information.

The cybersecurity incident has impacted at least 319,177 individuals, including 5,633 residents in Texas. This is an ongoing investigation, and the number of affected individuals nationally and in other states has not yet been made public.

The exposed data varies by individual but may include names, email addresses, Social Security numbers, passport IDs, bank account numbers, debit card numbers, driver’s license numbers, medical IDs, phone numbers, medical record numbers, Medicare Beneficiary Identifier ID numbers, health savings account information, International Classification of Disease (ICD) codes, and National Provider Identifier numbers.

VITAS disclosed the data breach to the California and Texas Attorney Generals' offices on or prior to Nov. 21, 2025, and to the U.S. Department of Health and Human Services on Nov. 24, 2025.

VITAS Hospice Services’ response

Given the sensitivity of the data, the company is offering affected individuals complimentary credit monitoring and identity protection services for 24 months through Epiq. These services include one-bureau credit monitoring, Social Security number monitoring, dark web monitoring, change of address monitoring, credit freeze assistance, identity restoration, lost wallet assistance, up to $1 million in identity theft insurance, and monitoring for healthcare IDs, medical record numbers, ICD codes, National Provider Identifier numbers, and health savings account information.

Individuals who receive a notification are encouraged to enroll in the provided credit and identity monitoring services as soon as possible. In addition, affected persons should remain vigilant by reviewing account statements and credit reports for suspicious activity, consider placing a fraud alert or security freeze on their credit files, and report any suspected identity theft to law enforcement or the Federal Trade Commission.

The company’s call center is available for questions at 855-403-1586, Monday through Friday, 9 a.m. to 9 p.m. Eastern Time, excluding U.S. holidays.