CenterWell, a healthcare services provider owned by Humana, has reported a data breach affecting approximately 9,651 individuals across the United States. The incident exposed sensitive personal and medical information, including financial account details belonging to some patients.
According to notifications submitted to state regulators and federal authorities, the breach affected at least 4,618 Texas residents. The company has also reported the incident to the U.S. Department of Health and Human Services (HHS) and the Massachusetts Office of Consumer Affairs and Business Regulation.
Healthcare data breaches can create significant risks for affected individuals because they often involve a combination of personally identifiable information (PII), protected health information (PHI), and financial information. Such information may be valuable to cybercriminals seeking to commit identity theft, insurance fraud, or financial fraud.
What Happened?
CenterWell disclosed that an incident resulted in unauthorized access to sensitive patient information. While the company has not publicly released extensive technical details regarding the intrusion, regulatory filings confirm that personal and health-related information was exposed.
The breach was significant enough to trigger notification requirements under state privacy laws and federal healthcare regulations.
Organizations in the healthcare sector remain attractive targets for cybercriminals because they maintain extensive patient records containing personal, medical, and financial information. When these systems are compromised, affected individuals may face long-term privacy and identity theft concerns.
What Information Was Exposed?
According to regulatory disclosures, the compromised information may include:
- Full names
- Home addresses
- Dates of birth
- Medical information
- Credit card numbers
- Debit card numbers
The combination of healthcare and financial information can significantly increase the potential risks for affected individuals.
Why This Information Matters
Medical information is particularly sensitive because it often cannot be changed like a password or credit card number. Criminals may use stolen health information to:
- Commit medical identity theft
- Submit fraudulent insurance claims
- Obtain healthcare services under another person’s identity
- Access additional personal information
Financial information, such as credit or debit card numbers, may also expose victims to unauthorized transactions and account fraud.
How Many People Were Affected?
CenterWell reported that approximately 9,651 individuals were affected nationwide.
Among those impacted, 4,618 Texas residents were identified in notifications submitted to the Texas Attorney General’s Office.
The total number of affected individuals may increase if ongoing investigations uncover additional impacted records.
CenterWell’s Response
Following the discovery of the incident, CenterWell notified regulators and affected individuals as required by law.
The company has encouraged potentially affected patients to remain vigilant for signs of suspicious activity involving their personal, medical, or financial information.
Individuals who receive notification letters should carefully review the information provided to determine exactly which data elements were involved in their specific case.
Affected consumers may also visit CenterWell’s website for additional information regarding the incident and available support resources.
Steps Affected Individuals Should Take
Anyone who believes they may have been affected by the CenterWell data breach should consider taking the following precautions:
Monitor Financial Accounts
Review bank accounts, credit card statements, and other financial accounts regularly for unauthorized transactions.
Review Medical Records
Check health insurance statements and explanation-of-benefits documents for unfamiliar services or claims.
Monitor Credit Reports
Consumers can obtain free credit reports from the major credit reporting agencies and watch for suspicious activity.
Consider a Fraud Alert
A fraud alert can help notify creditors that additional identity verification may be necessary before opening new accounts.
Watch for Phishing Attempts
Cybercriminals frequently use stolen information to create convincing phishing emails, text messages, or phone calls.
Steps Affected Individuals Should Take
Anyone who believes they may have been affected by the CenterWell data breach should consider taking the following precautions:
Monitor Financial Accounts
Review bank accounts, credit card statements, and other financial accounts regularly for unauthorized transactions.
Review Medical Records
Check health insurance statements and explanation-of-benefits documents for unfamiliar services or claims.
Monitor Credit Reports
Consumers can obtain free credit reports from the major credit reporting agencies and watch for suspicious activity.
Consider a Fraud Alert
A fraud alert can help notify creditors that additional identity verification may be necessary before opening new accounts.
Watch for Phishing Attempts
Cybercriminals frequently use stolen information to create convincing phishing emails, text messages, or phone calls.
Growing Concerns About Healthcare Data Breaches
Healthcare organizations continue to face increasing cybersecurity threats. Patient records often contain a comprehensive collection of personal data, making them especially valuable on underground criminal marketplaces.
Recent years have seen a rise in ransomware attacks, phishing campaigns, and unauthorized access incidents targeting healthcare providers across the United States.
Because healthcare records often contain permanent identifiers and detailed medical histories, affected individuals may face risks long after a breach is discovered.
Can Affected Individuals Take Legal Action?
Individuals affected by a data breach may have legal rights depending on the circumstances surrounding the incident and applicable state laws.
Organizations that collect sensitive personal and medical information have a responsibility to implement reasonable safeguards to protect that data. When security failures result in unauthorized access to patient information, affected individuals sometimes pursue legal action seeking compensation for damages, lost time, out-of-pocket expenses, and privacy harms.
Patients who received a notification from CenterWell may wish to retain any correspondence related to the incident and document any financial losses or suspicious activity that occurs following the breach.
Find a Data Breach Lawyer
