Massive Data Breach at Healthcare Interactive Affects Over 3 Million, Including 103,000 SC Residents

Healthcare Interactive, Inc. (HCIactive), an Ellicott City, Maryland-based provider of AI-powered software solutions for insurance enrollment and benefits administration, has experienced one of the largest healthcare data breaches of 2025. The breach has compromised the personal and protected health information of over 3 million individuals nationwide, including 103,000 residents of South Carolina.

As required by law, HCIactive has notified the South Carolina Department of Consumer Affairs and has begun sending notification letters to affected residents.

What Happened?

HCIactive first identified suspicious activity on its computer network on or around July 22, 2025. According to the company’s notice of security incident, an investigation determined that an unauthorized actor had access to their network and copied certain files between July 8, 2025, and July 12, 2025. However, information provided to the Oregon Attorney General suggests the unauthorized access may have spanned a longer period, from June 17, 2025, to July 22, 2025.

HCIactive initially reported the breach to the HHS’ Office for Civil Rights on September 22, 2025, using a placeholder figure while the review of affected data was ongoing. As the investigation progressed, the staggering scope of the breach became clear. By January 2026, it was confirmed that 3,056,950 individuals were affected, making it the 5th largest healthcare data breach of 2025.

What Information Was Involved?

The type of data compromised varies by individual but is extensive and highly sensitive. Exposed information may include:

• Names
• Addresses
• Phone numbers and email addresses
• Dates of birth
• Social Security numbers
• Health plan/policy numbers and health insurance provider names
• Member/group IDs and health insurance claim numbers
• Account numbers and billing codes
• Explanation of benefits
• Medical data, including diagnoses, treatment information, prescriptions, lab results, medical images, care information, doctors’ names, and medical record numbers.

While HCIactive states they are not aware of any actual or attempted misuse of the stolen information, the sheer volume and sensitive nature of the data present a significant risk for identity theft and medical fraud. The threat actor behind the attack remains unknown.

What is HCIactive Doing?

In response to the breach, HCIactive states they have worked quickly to secure their systems. They have implemented additional technical security measures and are reviewing and enhancing their existing policies and procedures to prevent future incidents.

In a December 2025 press release, the company announced structural changes to support their “AI First and AI Everywhere” mission, which includes expanded leadership oversight around AI security, zero trust enforcement, AI-driven anomaly detection, modernization of encryption, and stricter compliance oversight.

As an added precaution, HCIactive is offering complimentary credit monitoring services through Cyberscout, a TransUnion company, to affected individuals. Due to privacy restrictions, individuals cannot be automatically enrolled and must sign up for the service using the unique code provided in their notification letter.

Checking Your Credit Report: A Crucial Annual Task

What You Can Do

If you received a notification letter from HCIactive, it is crucial to take immediate steps to protect yourself:

• Enroll in the Complimentary Credit Monitoring: Follow the instructions in your letter to enroll in the free credit monitoring services offered through Cyberscout. You must enroll within 90 days of the date on your letter.
• Monitor Your Accounts Closely: Remain vigilant by regularly reviewing your free credit reports, account statements, and explanation of benefits forms for any suspicious activity or errors.
• Request Free Credit Reports: You are entitled to one free credit report annually from each of the three major credit bureaus (Equifax, Experian, and TransUnion). Visit www.annualcreditreport.com or call 1-877-322-8228 to request yours.
• Consider a Fraud Alert or Credit Freeze: You have the right to place a free initial or extended “fraud alert” on your credit file. Alternatively, you can place a “credit freeze” on your report, which prohibits credit bureaus from releasing information without your express authorization. Contact the major credit reporting bureaus to set these up.
• Report Suspicious Activity: Any suspected identity theft or fraud should be promptly reported to the applicable institution, law enforcement, your state Attorney General, and the Federal Trade Commission (FTC).

The FTC can provide further resources on identity theft protection and can be reached at www.identitytheft.gov or 1-877-ID-THEFT.

Feeling lost in the digital world? Dr. Tom is here to help!

Join Dr. Tom every week in his column, Dr. Tom’s Cyber Bits and Tips, for byte-sized advice on all things cyber and tech. Whether you’re concerned about online safety, curious about the latest cybercrime trends, or simply want to navigate the ever-evolving digital landscape, Dr. Tom has you covered.

From practical cybersecurity tips to insightful breakdowns of current threats, Dr. Tom’s column empowers you to stay informed and protect yourself online. So, dive in and get savvy with the web – with Dr. Tom as your guide!