Humana and Centerwell Hit by Clop Ransomware Attack in August 2025 Humana confirmed a data breach in August 2025, exposing sensitive personal and medical information of an undisclosed number of individuals. Compromised data includes names, Social Security numbers, medical billing details, claims info, provider names, Humana ID numbers, patient account numbers, and health insurance data. Subsidiary Centerwell also began notifying affected individuals this month, with Texas reporting 4,618 impacted residents. The cybercriminal group Clop claimed responsibility for the breach, though Humana has not confirmed the attribution. The attack stemmed from a vendor’s software vulnerability, which Clop has exploited in other incidents, including a flaw in Oracle’s E-Business Suite. Humana is offering affected individuals 24 months of free credit monitoring and identity restoration services through Equifax, with an enrollment deadline of March 31, 2027. Clop, active since 2019, specializes in zero-day exploits and often steals data without encryption, demanding ransom to prevent leaks. In 2025, the group claimed 456 attacks, with 35 confirmed, including breaches at Parexel International and Barts Health NHS Trust. The Oracle vulnerability alone accounted for 119 claims, 29 of which were verified. The breach adds to a rising trend of ransomware attacks on U.S. healthcare entities. Comparitech recorded 31 confirmed attacks in 2025 on non-direct-care healthcare businesses, exposing data of over 196 million people. Other recent incidents include breaches at Catalyst RCM (claimed by Everest) and Resource Corporation of America (targeted by Medusa for an $800,000 ransom). Humana, the fourth-largest U.S. health insurer, has faced prior scrutiny over fraud allegations and AI-driven Medicare claim denials. Centerwell, its subsidiary, provides pharmacy, senior care, and home health services. Both companies now face a class-action lawsuit alleging inadequate data protection.

The Maine Office of the Attorney General reported on October 24, 2023, that Humana Inc experienced a data breach on August 9, 2023, due to unauthorized access to their document processing system, affecting 2,844 individuals in total, including 16 residents. The breached information included names, Humana identification numbers, provider names, and service dates.

On May 30, 2023, Humana, Inc. (via its subsidiary Welltok, Inc.) fell victim to a malware-based cyberattack, exposing sensitive data of 33,193 Washington State residents. The breach compromised personal identifiers—including full names, dates of birth, health insurance policy/ID numbers, and medical information. The incident highlights a severe data security failure, where attackers exploited vulnerabilities to access protected health information (PHI). Such exposure poses risks of identity theft, medical fraud, and targeted phishing, as the leaked data could enable malicious actors to impersonate victims for financial or healthcare-related scams. The breach also undermines trust in Humana’s ability to safeguard patient confidentiality, potentially leading to regulatory penalties under laws like HIPAA (Health Insurance Portability and Accountability Act). While the attack did not involve ransomware, the scale and sensitivity of the leaked data—particularly medical records—elevate its severity. The compromised information could have long-term repercussions for affected individuals, including discrimination risks (e.g., based on pre-existing conditions) or unauthorized access to healthcare services. Humana’s response, including notification and mitigation measures, remains critical to limiting further harm.

Humana suffered a data breach incident after Choice Health, one of the companies it uses to help sell its products, experienced a cyberattack. The breach exposed some customers’ first and last names, Social Security numbers, Medicare beneficiary identification numbers, dates of birth, addresses, contact information and health insurance information. Humana sent out data breach letters to all affected parties, informing them of the incident and the ways to protect themselves from fraud.

Humana, Inc. experienced a data breach on May 7, 2022, due to unauthorized access to its systems. The incident exposed sensitive personal information of 639 Washington State residents, including names, Social Security numbers, and health insurance details. The breach was formally reported to the Washington State Office of the Attorney General on September 8, 2022, indicating a delayed discovery or disclosure. The compromised data poses significant risks, such as identity theft, financial fraud, and potential misuse of health-related information. While the exact method of unauthorized access was not specified, the exposure of Social Security numbers—a high-value target for cybercriminals—heightens the severity. The breach underscores vulnerabilities in Humana’s data protection measures, raising concerns about compliance with regulatory standards like HIPAA and the potential for long-term reputational damage.

The Maine Office of the Attorney General reported on September 28, 2021, that Humana experienced a data breach involving a ransomware attack on PracticeMax. The breach occurred from April 17, 2021, to May 5, 2021, and potentially affected 4,424 individuals, involving unauthorized access to Protected Health Information (PHI). PracticeMax has offered credit monitoring services for a minimum of 12 months to affected individuals.

The California Office of the Attorney General reported that Humana Inc experienced a data breach involving the disclosure of personal information by an employee of a subcontractor on March 8, 2021. The breach date occurred between October 12, 2020, and December 16, 2020, potentially affecting member details, including names and birthdates.

The California Office of the Attorney General reported a data breach involving Humana Inc on January 3, 2019. The breach occurred between May 30 and September 13, 2018, due to unauthorized access to employee system credentials at Bankers Life, potentially affecting personal information of individuals who applied for Humana health insurance policies.