Wellpoint, Inc. Reports Major Data Breach Affecting Sensitive Health and Personal Information On October 7, 2025, Wellpoint, Inc., a leading health insurance provider under Elevance Health serving Medicaid, Marketplace, and Medicare plans, disclosed a significant data breach to the U.S. Department of Health and Human Services (HHS). The incident involved unauthorized access to highly sensitive data, though the exact cause—whether through a direct system breach or a third-party vendor compromise—remains unclear. Wellpoint has not confirmed whether this breach is linked to previously reported incidents involving vendors such as Outcomes One and Episource. The exposed data may include personally identifiable information (PII)—such as names, addresses, dates of birth, and Social Security numbers—as well as protected health information (PHI), including medical records, insurance details, and treatment histories. The combination of PII and PHI heightens the risk of identity theft and medical fraud, making this breach particularly concerning for affected individuals. In response, Wellpoint launched an internal investigation to assess the breach’s scope and origin while implementing measures to secure its systems against further unauthorized access. Affected individuals have been notified as required by law, with guidance on monitoring their accounts and credit reports for suspicious activity. The company has also advised caution regarding potential phishing attempts or fraudulent communications referencing their health or insurance data. The full extent of the breach and its long-term impact remain under review.