Cyber Incident Victim: ID Care

On November 5, 2025, ID Care identified suspicious activity affecting certain systems within its computer network and subsequently discovered a data breach. The organization promptly initiated an internal investigation, enlisting the assistance of cybersecurity specialists to ascertain the nature and extent of the incident. According to the investigation, an unauthorized actor gained access to a subset of ID Care's network on the same date and proceeded to access or download specific files without permission. The breach was confined to particular systems rather than the entire network.

The files that were accessed contained a range of sensitive personal information belonging to individuals who received services from ID Care. This information included full names, residential addresses, Social Security numbers, dates of birth, health insurance details, and medical data such as treatment histories, diagnoses, and prescription information. The exposure of these data elements constitutes a compromise of personally identifiable and protected health information under applicable federal regulations. ID Care confirmed that the compromised data was limited to the files accessed during the unauthorized intrusion.

Following the completion of its investigation, ID Care reported the breach to the U.S. Department of Health and Human Services as required by the Health Insurance Portability and Accountability Act. The incident prompted Edelson Lechtzin LLP, a national class action law firm, to begin investigating potential claims on behalf of individuals whose information may have been affected. The law firm is gathering information to determine whether legal action can be pursued against ID Care for alleged failures to safeguard the compromised data. No further details about the attacker's identity, motive, or subsequent use of the data have been disclosed in the available sources.