On February 13, 2025, Included Health, Inc. filed a notice of data breach with the Attorney General of Massachusetts after discovering that an unauthorized party was able to access confidential information that had been provided to the company. In this notice, Included Health explains that the incident resulted in an unauthorized party being able to access consumers’ sensitive information, which includes their names and medical record information. Upon completing its investigation, Included Health began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.
If you received a data breach notification from Included Health, Inc., it is essential you understand what is at risk and what you can do about it. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the Included Health data breach. For more information, please see our recent piece on the topic here.
What Caused the Included Health Data Breach?
The Included Health data breach was only recently announced, and more information is expected in the near future. However, Included Health’s filing with the Attorney General of Massachusetts provides only limited information on what led up to the breach.
Based on the available information, we know that Included Health filed notice of a data breach on February 13, 2024, after learning that an unauthorized party was able to access confidential information in the company’s possession. While it’s certainly possible that Included Health was the target of the breach, that isn’t the only conclusion; it’s also possible that Included Health is reporting a third-party data breach that occurred at one of the company’s partners or vendors.
Either way, after learning that sensitive consumer data was accessible to an unauthorized party, Included Health reviewed the compromised files to determine what information was leaked and which consumers were impacted. Included Health recently completed this process, and while the breached information varies depending on the individual, it may include your name and medical record information.
On February 13, 2025, Included Health sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with more details on what led up to the incident as well as a list of what information belonging to them was compromised.
More Information About Included Health, Inc.
Included Health is a healthcare technology company that provides virtual care, navigation services, and personalized healthcare support for employers and health plans. Headquartered in San Francisco, California, the company offers a wide range of services, including telehealth, expert medical opinions, care coordination, and LGBTQ+ and mental health support. The organization employs approximately 2,000 people and generates an estimated $293 million in annual revenue.