Healthcare Interactive data breach exposes sensitive information of 87,565 Americans

A data breach at Healthcare Interactive Inc., a U.S.-based provider of AI-powered software for insurance enrollment and benefits administration, has exposed sensitive personal and medical information belonging to 87,565 individuals nationwide, including nearly 3,800 Maine residents, following a cyber intrusion discovered in July.

The incident occurred after cybercriminals gained unauthorized access to Healthcare Interactive’s computer network between July 8 and July 12, 2025, and accessed and copied files containing highly sensitive data. Suspicious activity was identified on or around July 22, prompting the company to launch a forensic investigation that confirmed the breach and data exfiltration.

The compromised information includes names, addresses, email addresses, phone numbers, dates of birth, Social Security numbers, health insurance enrollment details, and extensive medical data. Exposed medical information spans diagnoses, treatment histories, prescriptions, lab results, medical record numbers, insurance claims data, and, in some cases, medical images and physicians’ names.

Healthcare Interactive reported that it has no evidence at this time that the stolen data has been misused. Even so, the company has begun notifying affected individuals and is offering complimentary credit monitoring and identity theft protection services as a precaution. Impacted individuals are being advised to closely monitor financial accounts and insurance statements, review credit reports, and remain vigilant for suspicious communications.

The breach has been reported to the Maine Attorney General’s office, which confirmed that 87,565 people were affected, including 3,782 residents of Maine. The incident is also listed on the U.S. Department of Health and Human Services Office for Civil Rights breach portal, currently showing a placeholder figure of at least 501 affected individuals pending completion of the investigation and final data review.

Healthcare Interactive stated that it is reviewing its security policies and procedures and implementing additional safeguards to strengthen the protection of its systems and data. The investigation into the scope and impact of the breach remains ongoing.