Cherry Health Data Breach Exposes Social Security Numbers and Health Records

Healthcare data breach illustration
Breach Discovery: 19th April 2026Breach Notification: 18th June 2026

What Happened in the Cherry Health Data Breach?

Cherry Health, formally known as Cherry Street Services Inc., has confirmed a data breach that may affect current and former patients as well as current and former staff members. The organization first detected suspicious activity on its network on or about April 19, 2026. As a result, Cherry Health moved quickly to secure its systems and limit further exposure.

Following the discovery, Cherry Health launched an investigation with help from third-party cybersecurity specialists. That investigation determined that an unauthorized individual accessed and copied certain information stored on the organization’s network. Because the intrusion involved sensitive files, Cherry Health treated the matter as a serious security event from the start.

In response, the organization began a comprehensive review of the affected data. This review, conducted alongside outside experts, aims to determine exactly what information was involved and which individuals are affected. However, at the time Cherry Health posted its preliminary notice on June 18, 2026, that review had not yet been completed.

Because the full scope of the incident remains under investigation, Cherry Health has not yet disclosed a total number of affected individuals. The organization stated it will provide more specific details once its data review concludes. This phased approach explains why the current notice is described as preliminary rather than final.

Who was affected?

The Cherry Health data breach may affect a broad range of people connected to the organization. This includes current and former patients who received care through Cherry Health, as well as current and former employees whose information was stored on the network. Because Cherry Health provides community health services, the affected population could include families across multiple generations.

The exact number of impacted individuals has not been publicly disclosed. Cherry Health has said that the potentially impacted information varies from person to person. For example, some individuals may have had several categories of data exposed, while others may have had only one type involved.

Given that Cherry Health serves patients through community health programs, it’s possible that minors and dependents are among those affected. The organization has not specified the geographic scope beyond its Michigan-based operations. As the review continues, more details about the affected population are expected to emerge.

What Information Was Potentially Exposed?

According to Cherry Health’s notification, several categories of personal and health-related information may have been exposed. Because the breach involved a healthcare provider, the data at risk includes both identity information and medical details. The following list reflects the specific data types Cherry Health identified.

  • Full names
  • Home addresses
  • Phone numbers
  • Dates of birth
  • Health insurance information
  • Health insurance ID numbers
  • Patient ID numbers
  • Provider names
  • Service dates
  • Social Security numbers

This combination of data creates significant risk for those affected. In particular, the exposure of Social Security numbers alongside names and dates of birth gives criminals nearly everything needed to open fraudulent credit accounts or file false tax returns. Because this data rarely changes, the risk of misuse can persist for years after a breach.

In addition to identity theft, the exposure of health insurance details and patient ID numbers raises the risk of medical identity theft. This means a criminal could potentially use stolen insurance information to obtain medical services or prescriptions under someone else’s name. As a result, affected individuals should watch not only their credit reports but also their medical billing statements and insurance explanations of benefits.

What is the company doing?

Cherry Health has stated that it takes this incident and the security of the information it holds very seriously. Immediately after detecting the suspicious activity, the organization secured its network environment. It then brought in third-party specialists to investigate the nature and scope of the unauthorized access.

Looking ahead, Cherry Health is working to implement additional safeguards designed to reduce the likelihood of a similar event occurring again. The organization also says it currently has no evidence that any exposed information has been used for identity theft or fraud. Nevertheless, Cherry Health is offering guidance and resources to help affected individuals protect their personal information.

Cherry Health has committed to sending individual written notification letters once its comprehensive data review is complete. Each letter will specify exactly which types of information were involved for that person. Once those letters go out, call center representatives will be available to answer questions from affected individuals.

The preliminary notice was published in both English and Spanish, reflecting the diverse community Cherry Health serves. Importantly, the organization confirmed that the notification process was not delayed by law enforcement. This suggests Cherry Health moved to inform the public as soon as it reasonably could.

What Should Affected Individuals Do?

Monitor Your Credit Reports Closely

Anyone connected to Cherry Health, whether as a patient or employee, should begin monitoring their credit reports right away. Because Social Security numbers were potentially exposed, criminals could attempt to open new credit accounts using stolen identities. Regularly checking your credit report helps you catch this kind of activity early.

You can request free credit reports from each of the three major credit bureaus. In addition, many banks and credit card companies offer free credit monitoring tools. If you notice any unfamiliar accounts or inquiries, report them immediately to the credit bureau and consider contacting a data breach attorney for guidance.

Consider a Fraud Alert or Credit Freeze

Given that Social Security numbers were involved in this breach, placing a fraud alert or credit freeze is a smart precaution. A fraud alert requires lenders to verify your identity before opening new credit in your name. This extra step can stop identity thieves before they succeed.

A credit freeze goes even further by restricting access to your credit file entirely. As a result, most creditors won’t be able to open new accounts in your name until you lift the freeze. Both options are free to set up with each credit bureau, and you can remove them whenever you need to apply for new credit yourself.

Watch for Signs of Medical Identity Theft

Because health insurance information and patient ID numbers were potentially exposed, affected individuals should also watch for medical identity theft. This can happen when someone uses stolen insurance details to receive care or medication under another person’s name. Unfortunately, this type of fraud can be harder to detect than financial fraud.

To guard against this, carefully review any explanation of benefits statements from your health insurer. If you notice services or claims you don’t recognize, contact your insurance provider immediately. You should also request a copy of your medical records periodically to confirm they accurately reflect your own care history.

Stay Alert for Phishing Attempts

After any healthcare data breach, scammers often try to exploit the situation through phishing emails, texts, or phone calls. These messages may pretend to be from Cherry Health or a credit monitoring service in order to trick you into revealing more personal information. Therefore, it’s important to stay cautious about unexpected communications.

Never click on links or provide personal details in response to unsolicited messages. Instead, verify any communication by contacting Cherry Health directly using its official phone number. If something feels off, it’s always safer to independently confirm before responding.

Keep Records and Seek Legal Guidance if Needed

Once Cherry Health sends its individual notification letters, keep copies of everything you receive. This documentation can be important if you later discover fraudulent activity linked to this breach. In addition, saving these records makes it easier to demonstrate harm if you decide to pursue legal action.

If you experience financial losses or medical identity theft as a result of this incident, consider speaking with a data breach attorney. Many offer free consultations to help you understand your rights and options. This step can also help you determine whether you’re eligible to join or file a claim related to this breach.



More Information

Cherry Health

notice on its website

Related Data Breaches