In what may become the largest healthcare breach of 2025, Conduent Business Solutions LLC disclosed a cyberattack that compromised the data of over 10.5 million patients. The breach, first discovered in January, affected major clients including Blue Cross Blue Shield of Montana and Humana, among others. Although the incident has not yet appeared on the U.S. Department of Health and Human Services’ HIPAA breach reporting website, Conduent confirmed the scale of the exposure in filings with federal regulators.
The company reported to the U.S. Securities and Exchange Commission in April that a “threat actor” gained unauthorized access to a portion of its network on January 13. The breach caused operational disruptions for several days, though systems were reportedly restored quickly. Conduent said the attack led to data exfiltration involving files connected to a limited number of its clients. Upon further forensic analysis, cybersecurity experts confirmed that these files contained sensitive personal and health information of millions of individuals.
Affected data included patient names, treatment details, insurance information, and billing records. The company’s notification letters sent to Humana and Blue Cross customers revealed that the breach stemmed from Conduent’s third-party mailroom and printing services unit. Despite the massive scale, Conduent maintains that there is no evidence the stolen data has appeared on the dark web.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: