What Happened in the Share Ourselves Data Breach?
Share Ourselves, a nonprofit healthcare organization based in Orange County, California, recently notified patients about a data breach tied to one of its vendors. The Share Ourselves data breach did not originate within its own systems. Instead, it stemmed from unauthorized access to the network of TriZetto Provider Solutions (TPS), a billing services company that supports Share Ourselves and other healthcare providers.
According to the disclosed timeline, the unauthorized access occurred sometime between Nov. 1, 2024, and Oct. 2, 2025. TPS first detected suspicious activity on Oct. 2, 2025. This means the intrusion may have persisted for nearly a year before it was identified, giving an unauthorized party a long window of potential access to sensitive patient data.
After detecting the suspicious activity, TPS launched an internal investigation to determine the scope of the incident. As a result of that investigation, TPS notified Share Ourselves on Dec. 15, 2025, that patient information had been affected. Share Ourselves then reported the breach to the California Attorney General’s office on Dec. 26, 2025, and began coordinating with TPS to notify impacted individuals by mail.
Who was affected?
The Share Ourselves data breach affects patients of the nonprofit organization whose billing information passed through TPS. Because TPS provides services to many healthcare providers beyond Share Ourselves, the underlying TriZetto Provider Solutions breach may have a much broader reach. However, this report focuses on the patients specifically connected to Share Ourselves.
The exact number of affected individuals has not been publicly disclosed. What is known is that many Share Ourselves patients were affected, based on the notification TPS provided to the organization. Since Share Ourselves serves the Orange County community, the impacted population is likely concentrated in that region, though patients could reside elsewhere.
What Information Was Potentially Exposed?
The data compromised in this breach spans several sensitive categories. Because TPS handles billing and insurance processing, the exposed information includes both personal identifiers and detailed healthcare records.
- Full names
- Home addresses
- Dates of birth
- Social Security numbers
- Health insurance member numbers, which for some individuals may be a Medicare beneficiary identifier
- Provider names
- Health insurer names
- Primary insured information
- Other demographic details
- Health information and health insurance information
This combination of data is especially concerning because it includes both financial identifiers and medical details. For example, a Social Security number paired with a date of birth gives criminals nearly everything needed to open new credit accounts or file fraudulent tax returns. In addition, exposed Medicare beneficiary identifiers could be used to commit healthcare fraud.
Beyond identity theft, the exposure of health insurance and medical information creates a separate risk. Criminals sometimes use stolen health insurance details to receive medical treatment under someone else’s name. As a result, victims can end up with incorrect medical records or unexpected bills tied to services they never received.
What is the company doing?
After learning of the breach from TPS, Share Ourselves worked to gather more information about the scope of the incident. The organization wanted to determine whether patient data faced any continuing threat. According to Share Ourselves, TPS has assured the organization that there is no further threat at this time.
Share Ourselves is now coordinating with TPS to make sure affected individuals receive proper notification and support. In the coming weeks, impacted patients should expect a separate letter directly from TPS. This letter will explain the incident in more detail and include instructions for accessing mitigation services, such as free credit monitoring.
Until that letter arrives, Share Ourselves has set up a dedicated phone line for patients with questions. Anyone with concerns can call 949-536-3987 to speak with the organization directly. This step gives patients a way to get answers even before they receive formal notice from TPS.
What Should Affected Individuals Do?
Monitor Your Credit Reports Closely
Because Social Security numbers were exposed, affected individuals should check their credit reports regularly. You can request free reports from each of the three major credit bureaus. Reviewing these reports helps you catch unfamiliar accounts or inquiries early.
If you notice any unrecognized activity, dispute it immediately with the credit bureau involved. In addition, consider spacing out your free reports throughout the year so you have consistent visibility into your credit file. This ongoing vigilance is one of the simplest ways to catch identity theft before it causes lasting damage.
Consider a Fraud Alert or Credit Freeze
Given that Social Security numbers were part of this breach, placing a fraud alert or credit freeze is a smart precaution. A fraud alert requires lenders to verify your identity before opening new credit in your name. A credit freeze goes further by blocking most access to your credit file entirely.
Both options are free to set up with each credit bureau. Because criminals sometimes wait months before using stolen data, keeping a freeze or alert active for an extended period offers stronger protection. This is especially important given how long the unauthorized access to TPS systems went undetected.
Watch for Signs of Medical or Insurance Fraud
Since health insurance and medical information were exposed, affected individuals should also review insurance statements carefully. Look for unfamiliar claims, unknown provider visits or services you never received. If anything looks off, contact your insurer right away.
Medicare beneficiaries should be especially cautious. Review your Medicare summary notices and report anything suspicious to Medicare directly. Catching fraudulent medical claims early can prevent complications with your actual medical records and coverage down the line.
Stay Alert for Phishing Attempts
After a breach like this, scammers often follow up with phishing emails, texts or phone calls. These messages may pretend to be from Share Ourselves, TPS or even a credit bureau. Never click on links or share personal information in response to unsolicited contact.
Instead, verify any communication by contacting the organization directly using a known phone number or website. If you receive a suspicious message referencing this breach, report it and delete it. Staying cautious now can prevent a second wave of fraud tied to the original incident.
Take Advantage of Free Credit Monitoring
TPS has indicated that affected individuals will receive instructions on accessing free credit monitoring services. Once you receive that letter, enroll promptly to take advantage of this protection. Credit monitoring services can alert you quickly if new accounts appear in your name.
While you wait for the letter, it helps to keep an eye on your existing accounts manually. Once enrolled, however, monitoring services add an extra layer of protection with less ongoing effort on your part. Consulting a data breach attorney can also help you understand what additional options may be available given the sensitivity of the exposed information.
More Information
Official Notice from Shareourselves
Official State Attorney General Notification
