Innovative Scientific Solutions Data Breach Exposes Social Security Numbers and Medical Records

Manufacturing data breach illustration
Breach Discovery: 6th September 2025Breach Notification: 31st March 2026

What Happened in the Innovative Scientific Solutions Data Breach?

Innovative Scientific Solutions LLC, a defense and space industry company based in Greenville, South Carolina, has disclosed a data breach that compromised sensitive personal and health information. The Innovative Scientific Solutions data breach affected more than 140,000 individuals across multiple states. This incident highlights the growing risk facing companies that handle both defense-related work and employee health data.

According to the company’s disclosure, an unauthorized third party gained access to its computer network on or around September 6, 2025. The intrusion was detected at that time, which prompted the company to launch an internal review. However, it took several more months to fully understand the scope of what had happened.

Following detection, Innovative Scientific Solutions began a forensic analysis paired with an extensive manual review of documents stored on the affected systems. This process ultimately determined that files had been removed from the network by the unauthorized actor. As a result, the company determined on March 31, 2026, that personal information had in fact been compromised.

Because the investigation involved a detailed document-by-document review, the timeline between detection and final confirmation stretched across several months. This is common in breaches involving large volumes of files with mixed personal and health data. In response, the company then moved to notify regulators and affected individuals once the review concluded.

Who was affected?

The breach affected a total of 143,842 individuals nationwide, based on figures reported to federal health regulators. Within that total, state-level breach notifications identified 15,283 South Carolina residents, 2,823 Texas residents, 192 Massachusetts residents, and three New Hampshire residents. Additional affected individuals in other states may exist, though specific counts for every state have not been publicly disclosed.

Given that Innovative Scientific Solutions operates in the defense and space sector, those affected likely include employees, contractors, or individuals connected through health insurance or benefits programs tied to the company. The exposed data included medical and health insurance details, which suggests the impacted population may include current or former employees and their dependents. Whether minors are among those affected has not been publicly disclosed.

What Information Was Potentially Exposed?

The information exposed in this breach spans both general personal identifiers and detailed health-related records. This combination increases the potential impact for affected individuals, since both financial fraud and medical fraud become possible risks.

  • Full names
  • Dates of birth
  • Social Security numbers
  • Health insurance policy numbers and subscriber numbers
  • Medical history
  • Medical records
  • Medical conditions, treatments, and diagnoses
  • Dates of service
  • Telephone numbers
  • Prescription information

Because Social Security numbers were exposed, affected individuals face a heightened risk of identity theft. Criminals can use this information to open new credit accounts, file fraudulent tax returns, or apply for loans in someone else’s name. As a result, even individuals who feel unaffected today could see fraudulent activity appear months or years from now.

In addition to identity theft, the exposure of medical records and health insurance details creates a distinct risk of medical identity theft. This means someone could use a victim’s health insurance information to receive medical treatment or services fraudulently. Consequently, affected individuals should watch closely for unfamiliar medical bills or insurance claims that do not match their own care history.

What is the company doing?

After discovering the intrusion, Innovative Scientific Solutions launched a forensic investigation to determine exactly what happened and which files were affected. The company also conducted a manual review of documents to confirm which individuals had personal information involved. Once this process was complete, the company disclosed the breach to the attorneys general of Massachusetts, New Hampshire, South Carolina, and Texas. It also notified the U.S. Department of Health and Human Services, given the involvement of protected health information.

To help affected individuals respond, Innovative Scientific Solutions is offering a complimentary membership to Experian IdentityWorks Credit 3B for those whose Social Security numbers were involved. This service includes Experian IdentityWorks ExtendCare, which continues to provide identity restoration support even after the membership period ends. The offer also includes $1 million in identity theft insurance coverage. Additionally, the company has set up a dedicated toll-free response line, available Monday through Friday from 9 a.m. to 9 p.m. Eastern time, so individuals can ask questions about the incident.

What Should Affected Individuals Do?

Place a Fraud Alert or Credit Freeze

Because this breach involved Social Security numbers, affected individuals should strongly consider placing a fraud alert or a full credit freeze on their credit files. A credit freeze restricts access to your credit report, which makes it harder for identity thieves to open new accounts in your name. You can contact Equifax, Experian, or TransUnion directly to start this process.

A fraud alert, meanwhile, requires creditors to take extra steps to verify your identity before extending new credit. This option is less restrictive than a freeze but still adds meaningful protection. Either way, acting quickly reduces the window of opportunity for criminals to misuse exposed Social Security numbers.

Monitor Your Credit Reports Closely

Affected individuals should request free credit reports through AnnualCreditReport.com or by calling the number provided by the credit bureaus. Reviewing these reports regularly helps you spot unfamiliar accounts or credit inquiries early. This is especially important in the months following a breach involving Social Security numbers.

If you notice any suspicious activity, you should dispute it immediately with the relevant credit bureau. Early detection often makes the recovery process faster and less stressful. For this reason, setting a recurring reminder to check your credit report is a smart habit to build.

Watch for Medical Identity Theft

Since medical records, health insurance policy numbers, and prescription information were exposed, affected individuals should carefully review Explanation of Benefits statements from their health insurers. These statements list services billed under your name, so any unfamiliar entries could signal fraudulent use of your health insurance information. This type of fraud can be harder to detect than traditional financial fraud.

In addition, individuals should request a year-to-date report of services from their health insurance provider. This report gives a fuller picture of what has been billed under your policy. If anything looks unfamiliar, you should follow up directly with your insurer to investigate further.

Stay Alert for Phishing Attempts

Following any major data breach, scammers often try to exploit public awareness of the incident. Affected individuals should be cautious of unsolicited calls, emails, or texts referencing Innovative Scientific Solutions or this specific breach. These messages may try to trick recipients into revealing even more personal information.

Because scammers often pose as legitimate representatives, it’s wise to verify any contact independently before responding. Never click on links or provide personal details in response to unexpected messages. Instead, contact the company directly using verified contact information if you have concerns about a specific communication.

Report Signs of Identity Theft

If you notice any indication that your personal information has been misused, you should report it to the Federal Trade Commission at ftc.gov/idtheft or by calling their hotline. The FTC can help guide you through the recovery process and create a personalized recovery plan. Prompt reporting can also help limit further damage.

Beyond reporting to the FTC, affected individuals may also want to speak with a data breach attorney to understand their legal options. An attorney can help evaluate whether you qualify for compensation related to this breach. This step is especially worth considering given the sensitive combination of financial and medical data involved.



More Information

Official Notice from Innssi

HHS Office for Civil Rights Breach Notification Portal

Official Data Breach Notification Letter (PDF)

Official State Attorney General Notification

Official Notice from Mass

Official Data Breach Notification Letter (PDF)

Related Data Breaches