Serviceaide Data Breach Exposes Social Security Numbers and Medical Records

Healthcare data breach illustration
Breach Discovery: 15th November 2024Breach Notification: 9th May 2025

What Happened in the Serviceaide Data Breach?

The Serviceaide data breach involved unauthorized access to systems holding sensitive patient information. Serviceaide provides AI-powered service delivery tools, and it worked under contract with Catholic Health, a nonprofit healthcare system based in Buffalo, New York. Because this contract required access to patient records, the breach exposed data belonging to Catholic Health patients rather than Serviceaide’s own customers.

According to the investigation, an unauthorized third party gained access to Serviceaide’s network from September 19, 2024, through November 5, 2024. Serviceaide identified the unauthorized access on or around November 15, 2024. This means the intrusion went on for roughly seven weeks before it was detected.

After discovering the incident, Serviceaide launched a forensic investigation to determine the scope of the compromise. As a result of that investigation, the company determined that a database containing records for approximately 483,000 Catholic Health patients had potentially been accessed or obtained. Serviceaide then began the process of notifying affected individuals, which was completed by May 9, 2025.

In response to the notifications, eleven separate class action lawsuits were filed against Serviceaide. These cases were later consolidated into a single lawsuit, Nancy Balzer, et al. v. Serviceaide, Inc., in the Supreme Court of the State of New York, Nassau County. The consolidated complaint alleged negligence, breach of implied contract, unjust enrichment, invasion of privacy, and violations of California’s Unfair Competition Law.

Who was affected?

The Serviceaide data breach affected patients of Catholic Health, a healthcare system that operates hospitals, nursing homes, home care agencies, and physician practices across Western New York. Because Serviceaide handled data on Catholic Health’s behalf, the exposed individuals were patients rather than employees of either organization.

Approximately 483,000 people had their information potentially accessed or obtained during the breach. This is a large-scale healthcare data exposure that likely includes patients across a wide range of ages, including possibly minors who received care through Catholic Health facilities. The geographic scope centers on Western New York, though patients who have since moved could be affected in other states as well.

What Information Was Potentially Exposed?

The compromised database held a wide range of sensitive personal and medical details. Because the exposed data spans both identity and health information, the risks facing affected patients are significant and long-lasting.

  • Full names
  • Dates of birth
  • Social Security numbers
  • Medical and health information
  • Treatment information
  • Health insurance information
  • Email addresses and usernames
  • Account passwords

This combination of data creates serious identity theft risk. For example, a Social Security number paired with a full name and date of birth gives criminals nearly everything needed to open new credit accounts, file fraudulent tax returns, or apply for loans in a victim’s name.

In addition to financial fraud risk, the exposure of medical and treatment information raises the possibility of medical identity theft. This can happen when someone uses stolen health insurance details to obtain treatment or prescriptions under another person’s name. Because exposed passwords were also involved, affected individuals face a heightened risk of account takeover if they reused login credentials across other websites.

What is the company doing?

After discovering the unauthorized access, Serviceaide conducted a forensic investigation to determine what happened and which records were affected. Following that investigation, the company notified affected patients about the breach, informing them of the specific types of data involved. Serviceaide has denied any wrongdoing and disputes the claims made against it in the consolidated lawsuit.

However, rather than continue prolonged litigation, Serviceaide chose to pursue a settlement to resolve the claims. As a result, the company agreed to establish a $1.8 million settlement fund. This fund will cover attorneys’ fees, administration and notification costs, service awards for class representatives, and payments to eligible class members who file valid claims.

Settlement Details

Under the settlement, class members can choose between two payment options. The first allows for reimbursement of documented, unreimbursed losses tied to fraud or identity theft resulting from the breach, up to a maximum of $5,000. The second offers a flat cash payment, estimated at around $50 per claim, which will be paid pro rata after loss-reimbursement claims are settled.

The deadline to submit a claim is September 1, 2026. A final fairness hearing is scheduled for September 16, 2026, and the deadline to object or opt out of the settlement is August 17, 2026. Anyone who believes they were affected should review their notification letter closely for specific filing instructions.

What Should Affected Individuals Do?

Monitor Your Credit Reports Regularly

Affected individuals should check their credit reports for unfamiliar accounts or inquiries. Because Social Security numbers were exposed, criminals could attempt to open new lines of credit using stolen identities.

You can request free credit reports from all three major bureaus and review them for suspicious activity. In addition, consider spacing out your requests throughout the year so you can monitor your credit consistently rather than only checking once.

Consider a Credit Freeze or Fraud Alert

Because financial and identity data were part of this breach, placing a credit freeze with Equifax, Experian, and TransUnion is a strong protective step. A freeze prevents new creditors from accessing your credit file, which makes it much harder for identity thieves to open accounts in your name.

Alternatively, a fraud alert requires creditors to verify your identity before extending new credit. This option is less restrictive than a freeze but still adds an important layer of protection. Either step can be done for free and can be lifted later if needed.

Protect Against Medical Identity Theft

Because medical and health insurance information was exposed, affected patients should watch for unusual insurance claims or bills for care they never received. Reviewing your explanation of benefits statements regularly can help you catch fraudulent activity early.

If you notice unfamiliar charges or medical records that don’t match your history, contact your health insurance provider immediately. Reporting these issues quickly can limit the damage and help correct your medical records before problems compound.

Stay Alert for Phishing Attempts

Because names, emails, and passwords were exposed, affected individuals may become targets of phishing emails or texts. These messages often impersonate legitimate companies to trick victims into revealing more personal information.

As a precaution, avoid clicking links or downloading attachments from unexpected messages, especially those referencing this breach. Instead, go directly to the official website of any organization mentioned to verify communications are legitimate.

Update Passwords and Enable Two-Factor Authentication

Since account passwords were part of the exposed data, it’s important to change your password immediately, particularly if you reused it on other sites. Choose a strong, unique password for every account going forward.

In addition, enabling two-factor authentication adds another layer of security beyond just a password. This makes it significantly harder for anyone with your stolen credentials to gain access to your accounts, even if they already know your password.



Related Data Breaches