A security breach at Maryland-based Healthcare Interactive, known as HCIactive, has escalated significantly with the company now reporting that nearly 3.1 million individuals nationwide were impacted by a 2025 cyberattack.
HCIactive, which provides AI-powered administrative and technology services to healthcare providers, updated its initial estimates in a recent filing with Oregon state regulators. The revised figure of 3.06 million victims places this incident among the ten largest health data breaches reported in 2025. The company first detected suspicious network activity on July 22, 2025, later determining that an unauthorized actor had successfully exfiltrated files over a four-day period earlier that month.
The compromised data is extensive and includes sensitive medical information such as diagnoses, prescriptions, lab results, and treatment records. Additionally, personal identifiers including Social Security numbers, contact details, and dates of birth were stolen, alongside health insurance enrollment and billing data. In the wake of the incident, HCIactive has announced an acceleration of its "AI First" security initiative, focusing on automated monitoring, microservice segmentation, and advanced encryption to prevent future network intrusions.
