On February 13, 2025, Included Health, Inc. reported a data breach to the Massachusetts Attorney General. They found that an unauthorized party accessed sensitive information shared with them. This includes personal details like names and medical records. After their investigation, Included Health began notifying those affected.
If you received a notification from Included Health, it’s important to know what this means for you. Understanding the risks can help you protect yourself from potential fraud or identity theft. Seeking advice from a data breach lawyer can be beneficial as they can guide you on your options after the breach.
The specifics about how the Included Health breach happened are not fully available yet. The filing with the Attorney General offers some details, but more information is expected soon. The breach was reported on February 13, 2024, indicating that someone gained access to confidential information. This could mean Included Health was the main target, but it’s also possible the breach originated from a partner or vendor of the company.
Regardless of the source, Included Health took immediate steps to assess the situation. They reviewed the compromised files to identify what data was leaked and who it affected. While the exact information varies by individual, it could potentially include your name and medical record.
Once they finished reviewing the data, Included Health sent out letters to those impacted on February 13, 2025. These letters contain details about the breach and specify what personal information might have been exposed.
Included Health, based in San Francisco, California, is a healthcare tech company. They focus on virtual care, navigation services, and personalized support for health plans and employers. Their services include telehealth, expert medical opinions, care coordination, and support for LGBTQ+ and mental health needs. With around 2,000 employees, the company generates roughly $293 million in annual revenue.
