weerapat1003 - stock.adobe.com
AI-powered insurance platform breach impacts 3.1M individuals
HCIactive, a company that offers AI-powered administrative solutions, reported a multi-million-record breach to state regulators.
Healthcare Interactive, commonly known as HCIactive, reported a data breach to the Oregon attorney general's office that affected 3.1 million individuals. HCIactive offers an AI-powered insurance and benefits administration platform that it says is "designed to connect and manage healthcare service providers and clients."
According to the official breach notice, HCIactive discovered suspicious activity within its computer network on July 22, 2025. Further investigation determined that an unauthorized actor copied certain files from the company's network between July 8, 2025, and July 12, 2025.
The information involved in the breach included names, Social Security numbers, health insurance enrollment data, medical record numbers, diagnoses, lab results and health insurance claims data.
"Although HCIactive does not have evidence to indicate that information was subject to actual or attempted misuse, HCIactive is providing certain individuals with complimentary credit monitoring services and notifying state and federal regulators," the notice stated.
"HCIactive also reviewed existing security policies and implemented additional measures to further protect against similar incidents moving forward."
The multi-million-record figure puts this breach in the top ten breaches reported to regulators in 2025, though it has not yet been displayed on HHS's data breach portal.
Jill Hughes has covered healthcare cybersecurity and privacy news since 2021.
