.png)
Insightin Health Data Breach Lawsuit Investigation
Shamis & Gentile P.A., one of the nation's premier class action law firms specializing in data breach cases, is investigating the Insightin Health data breach.
If you were affected by the data breach, your sensitive personally identifiable information may have been exposed, and you may be eligible for compensation.
About Insightin Health
Insightin Health is a healthcare technology company based in Baltimore, Maryland. Founded in 2016, the company focuses on providing data-driven, AI-powered solutions for health insurers and payers.
With a reported staff of fewer than 50 employees, Insightin Health works primarily with health insurers, including Medicare Advantage and Managed Medicaid plans.
What Happened?
In September 2025, Insightin Health discovered suspicious activity in its networked environment. An unauthorized actor exploited a previously unknown vulnerability in a third-party application, gaining access to the company’s network.
The breach took place between Sept. 17, 2025, and Sept. 23, 2025. After identifying the incident, Insightin Health worked with forensic specialists to investigate the scope and impact of the breach.
Their investigation revealed that certain files stored on a limited number of Insightin Health servers may have been accessed or copied by the unauthorized party.
The ransomware group MEDUSA claimed responsibility for the attack, stating they obtained 378 GB of data and threatened to publish it on the dark web. The incident was posted on a Tor network on Sept. 26, 2025.
By December 2025, the company notified its clients and began reaching out to potentially impacted individuals. The breach was reported to the Vermont Attorney General on Jan. 29, 2026.
Information Exposed:
- Names
- Dates of birth
- Administrative data
- Non-unique identifiers assigned by health insurance providers
- Contract numbers
- Medicare Beneficiary Identifiers issued by the Centers for Medicare and Medicaid
- Information associated with attributed providers
- Member cards issued by health insurance providers
- Clinical information
- Other limited contact information
Your Rights and Next Steps
If you received a notice about this breach, it is important to know your rights and take action to protect yourself.
Insightin Health has offered affected individuals twelve months of complimentary credit monitoring through Cyberscout, a TransUnion company. To enroll, follow the instructions provided in your notification letter.
You are encouraged to:
- Remain vigilant by regularly reviewing account statements and monitoring credit reports for suspicious activity
- Request a free credit report from each of the three major credit bureaus (Equifax, Experian and TransUnion)
- Consider placing a fraud alert or credit freeze on your credit file to prevent unauthorized use of your information
- Report any suspected identity theft to law enforcement and your state attorney general
You May Be Entitled to Compensation
If your information was compromised in the Insightin Health data breach, you may be eligible for compensation. Lawyers are ready to help affected individuals understand their options and pursue claims for damages resulting from this incident.
If you believe you were impacted, complete the below form to find out if you qualify to join a lawsuit.
.svg)