What should I do if I was affected by a data breach?

If you were affected by a data breach, you should immediately monitor your financial accounts, place a fraud alert or credit freeze with the major credit bureaus (Equifax, Experian, and TransUnion), change passwords for affected accounts, and consult a data breach lawyer to understand your legal rights and potential compensation options. Act quickly — statutes of limitations apply.

Can I receive financial compensation after a data breach?

Yes. Victims of data breaches may be eligible for financial compensation through class action lawsuits or individual claims. Recoverable damages can include identity theft losses, out-of-pocket expenses, lost time, and compensation for the ongoing risk of future harm. A free consultation with a data breach attorney can help determine your eligibility.

How long do I have to file a data breach lawsuit?

Statutes of limitations for data breach claims vary by state, typically ranging from one to three years from the date you discovered — or reasonably should have discovered — the breach. In some states, the clock starts from the breach date itself. Contact a data breach lawyer as soon as possible to preserve your rights.

Cherry Health Data Breach

What Happened?

Cherry Health first detected suspicious activity within its network environment on or about April 19, 2026. After discovering the activity, the organization secured its systems and launched a forensic investigation with assistance from outside specialists.

The investigation found that certain files and information stored on the network had been accessed and copied by an unauthorized party. Cherry Health has not publicly disclosed how the unauthorized access occurred, nor has it identified the threat actor responsible for the incident.

Because the data review remains ongoing, the organization has not yet finalized the list of affected individuals or disclosed the full scope of the breach.

Who was affected?

Cherry Health reported that the incident may impact certain current and former patients, as well as current and former staff members. Because the organization’s review of the affected data was still ongoing when the notice was published, the total number of affected individuals had not yet been determined.

What Information May Have Been Exposed?

Cherry Health stated that the potentially impacted information varies by individual. The categories of information that may have been accessed include:

Names
Addresses
Phone numbers
Dates of birth
Social Security numbers (for some individuals)
Health insurance information
Health insurance identification numbers
Patient identification numbers
Provider names
Service dates

The organization emphasized that not every affected individual experienced exposure of all data elements. Some people may have had only one category of information involved, while others may have had multiple types of data exposed.

Because the incident potentially involves both personally identifiable information (PII) and protected health information (PHI), affected individuals may face risks including identity theft, medical identity fraud, and financial fraud.

What is the company doing?

Cherry Health stated that it takes the security and privacy of information in its care very seriously. Following discovery of the incident, the organization implemented measures to secure its environment and began working to strengthen safeguards designed to reduce the likelihood of a similar event occurring in the future.

The organization also reported that it currently has no evidence indicating that the potentially affected information has been misused for identity theft or fraud. However, Cherry Health encourages individuals to remain vigilant and monitor financial accounts, insurance statements, and credit reports for unusual activity.

Because the review of the impacted data remains ongoing, Cherry Health plans to send written notification letters directly to affected individuals once the investigation and data analysis are complete. Those letters will identify the specific information involved for each individual recipient.

What can you do?

While Cherry Health continues its review, individuals who believe they may be affected should consider taking proactive steps to protect themselves:

Monitor bank and financial account statements.
Review explanation of benefits (EOB) statements from health insurers.
Check credit reports for unauthorized activity.
Watch for suspicious medical billing or insurance claims.
Consider placing a fraud alert on credit files if sensitive information such as a Social Security number was involved.
Report any suspected identity theft to the appropriate authorities immediately.

Individuals seeking additional information about the incident may contact Cherry Health using the resources provided in the organization’s notice.

Links for more information

Notice of Data Breach