Wellcare Data Breach Compromises PII & PHI

Wellcare Health Plans, Inc. recently reported a data breach that exposed both personally identifiable information (PII) and protected health information (PHI), which can be used for identity theft or insurance fraud if obtained by unauthorized parties.

According to a disclosure filed with the Texas Attorney General’s office on Dec. 7, 2025, the breach impacted 325 people in the state. However, the investigation is ongoing, and the number of affected individuals is subject to change. The types of information exposed includes names, addresses, dates of birth and health insurance information.

The exact method by which the breach occurred has not been publicly detailed, and there is no information yet about whether the incident involved hacking, unauthorized access, or another cause. The data involved suggests the compromised information may have belonged to current or former Wellcare members and included highly sensitive health and personal details.

Wellcare’s response

In response to the incident, Wellcare notified affected individuals by mail and through a dedicated website notice. While specific details about additional support services were not included in the public disclosure, it is common for health insurers to provide resources such as credit monitoring or identity theft protection following breaches that involve PII and PHI.

If you believe your personal information may have been compromised in this breach:

• Carefully review any notice or communication you receive from Wellcare or a company that does business with Wellcare.
• Monitor financial accounts and credit reports for signs of identity theft.
• Consider placing fraud alerts or credit freezes with the major credit bureaus.
• Be cautious of unsolicited emails or phone calls requesting personal information.