What Happened in the Amicus Solutions Data Breach?
Amicus Solutions Inc., an IT and technology services company doing business as Fedora Solutions, has disclosed a data breach affecting sensitive personal and health information. The Amicus Solutions data breach involved unauthorized access to the company’s network. As a result, personal and medical details belonging to over a thousand people were compromised.
According to the company’s breach notification, Amicus Solutions first noticed suspicious activity on its network on or around April 2, 2026. Because of this discovery, the company launched an investigation to determine the scope of the intrusion. That investigation revealed that unauthorized access to the network had actually occurred earlier, between February 2 and February 18, 2026.
This gap between the actual intrusion and its discovery is common in data breach cases. In many incidents, attackers gain access to systems weeks or even months before anyone notices. As a result, Amicus Solutions worked with investigators to piece together exactly what happened and which files were accessed during that window.
Following the forensic investigation, Amicus Solutions determined that the breach compromised a mix of personal and health-related data. The company then notified the Massachusetts Office of Consumer Affairs and Business Regulation on June 4, 2026. In addition, the incident was reported to the U.S. Department of Health and Human Services, which tracks breaches involving protected health information.
Who was affected?
The Amicus Solutions data breach affected 1,137 individuals across the United States, according to figures reported to the Department of Health and Human Services. This number reflects everyone whose personal or health information was confirmed to be part of the exposed data.
Because Amicus Solutions provides IT and technology services, the affected individuals could include clients, employees of client organizations, or patients whose data was handled through the company’s services. The notification does not specify a particular industry or relationship, so it hasn’t been publicly disclosed exactly how each individual’s information came to be stored on the compromised systems.
Given that protected health information was involved, it’s likely that at least some affected individuals were connected to a healthcare-related client of Amicus Solutions. However, the exact breakdown of patients versus other affected parties hasn’t been publicly disclosed. Anyone unsure whether they were affected should watch for an official notification letter from the company.
What Information Was Potentially Exposed?
The data compromised in this breach spans several categories of sensitive information. This combination of personal and health data raises the stakes for affected individuals, since it goes well beyond basic contact details.
- First and last name
- Email address
- Phone number
- Date of birth
- Gender
- Social Security number
- Medical data
- Health insurance information
With Social Security numbers exposed, affected individuals face a heightened risk of identity theft. Criminals can use this information to open new credit accounts, file fraudulent tax returns, or apply for loans in someone else’s name. Because a Social Security number rarely changes, this type of exposure can create risks that last for years.
The exposure of medical data and health insurance information adds another layer of concern. Fraudsters can use this information to commit medical identity theft, such as submitting fake insurance claims or obtaining medical services under someone else’s name. In addition, combined with a full name and date of birth, this data could be used to craft convincing phishing messages that trick victims into revealing even more information.
What is the company doing?
After confirming the breach, Amicus Solutions took steps to notify affected individuals and regulators. The company reported the incident to the Massachusetts Office of Consumer Affairs and Business Regulation and to federal health authorities, as required by law. This transparency allows affected individuals and regulators to understand the scope of the incident.
In response to the breach, Amicus Solutions is offering affected individuals 24 months of complimentary identity protection services through Cyberscout. Individuals must enroll within 90 days of the date on their notification letter to receive this coverage. The company has also set up a dedicated assistance line, available Monday through Friday from 8:00 a.m. to 8:00 p.m. Eastern Time, excluding major U.S. holidays, for anyone with questions about the incident.
What Should Affected Individuals Do?
Enroll in the Identity Protection Services Offered
Affected individuals should take advantage of the complimentary identity protection services being offered through Cyberscout. This service can help detect unusual activity tied to a person’s identity before it turns into a larger problem. Enrollment must happen within 90 days of the date on the notification letter, so acting quickly matters.
Because the deadline is time-sensitive, it’s worth setting a reminder to complete enrollment as soon as the letter arrives. Many people delay signing up for these services and later miss the window. Taking a few minutes now can provide meaningful protection for the next two years.
Monitor Credit Reports and Financial Accounts
Everyone affected by this breach should regularly check their credit reports for unfamiliar accounts or inquiries. Under federal law, consumers can request a free credit report from each of the three major credit bureaus. Reviewing these reports on a rotating basis throughout the year can help catch fraud early.
In addition to credit reports, affected individuals should monitor bank and credit card statements closely. Look for small, unfamiliar charges, since fraudsters sometimes test stolen information with tiny transactions before attempting larger fraud. If anything looks suspicious, contact the financial institution immediately.
Consider a Fraud Alert or Credit Freeze
Because Social Security numbers were exposed, affected individuals should strongly consider placing a fraud alert or credit freeze on their credit files. A fraud alert warns lenders to take extra steps to verify identity before approving new credit. A credit freeze goes further, blocking most access to a credit report entirely.
To place a freeze, individuals need to contact each of the three major credit bureaus separately. While this step requires a bit of effort, it offers strong protection against someone opening new accounts using a stolen identity. Freezes can be lifted temporarily whenever a person needs to apply for credit themselves.
Protect Against Medical Identity Theft
Since medical data and health insurance information were part of this breach, affected individuals should watch for signs of medical identity theft. This includes reviewing explanation of benefits statements from health insurers for unfamiliar treatments or providers. It also means checking medical records periodically for inaccuracies that could indicate fraud.
If someone notices unfamiliar claims or medical records, they should contact their health insurance provider right away. Reporting the issue quickly can prevent incorrect information from becoming part of a permanent medical history. This step matters because medical identity theft can be harder to detect and resolve than financial fraud.
Stay Alert for Phishing Attempts
Following any data breach, affected individuals often become targets of phishing emails, texts, or phone calls. Scammers may pose as Amicus Solutions, a credit bureau, or even a government agency to trick victims into giving up more personal information. Because the attackers already have some real personal details, these messages can appear convincing.
To stay safe, individuals should avoid clicking links or providing information in response to unexpected messages. Instead, they can verify any communication by contacting the organization directly using a known phone number or website. This simple habit can prevent a second wave of harm following the original breach.
More Information
HHS Office for Civil Rights Breach Notification Portal
