
American healthcare technology provider Insightin Health said cyber criminals exploited a trusted third-party application to access its network in September and copy the personal and membership information of its customers.
The Baltimore-based healthcare company said in a press release that it detected the unauthorised intrusion into its network in September and determined that a threat actor exploited vulnerabilities in a trusted third-party application to access its network between September 17 and September 23, 2025.
"Insightin took steps to contain the issue and began a comprehensive review of these files to determine whether sensitive information may be impacted, and to whom that information related," it said.
Insightin Health said the threat actor was able to access and copy the personal and membership information of certain customers, including their names, dates of birth, non-unique identifiers assigned by health insurance providers, and, in limited circumstances, contract numbers and Medicare Beneficiary Identifiers issued by the Centers for Medicare and Medicaid.
The company did not disclose the number of affected customers but stressed that the cyber security incident did not impact its ability to serve customers.
The company has warned the affected customers to remain vigilant against incidents of identity theft and fraud, monitor their account statements and access a free copy of their credit report from the three major credit reporting bureaus, Equifax, Experian, and TransUnion, to check if they were victims of fraudulent activity.
The company’s press release follows the Medusa ransomware gang claiming responsibility for breaching Insightin Health and exfiltrating up to 378 GB of information. The group has threatened to publish the stolen data if a ransom isn’t paid.
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543