Insightin Health over the weekend confirmed it notified 142,727 people of a September 2025 data breach that compromised the following personal info:
- Names
- Dates of birth
- Health insurance IDs
- Contract numbers
- Medicare and Medicaid beneficiary IDs
- Other info associated with providers
Insightin, a healthcare marketing agency, says hackers exploited a vulnerability in a third-party application to gain unauthorized access to the data.
A cybercriminal group called Medusa took credit for the breach shortly after it occurred. Medusa demanded $500,000 in ransom for 378 GB of stolen data.
Insightin Health has not acknowledged Medusa’s claim, and Comparitech cannot independently verify it. We do not know how attackers breached Insightin’s network or if the company paid a ransom. Comparitech contacted Insightin for comment and will update this article if it replies.
“In September 2025, Insightin identified suspicious activity within its network after an unauthorized actor gained access by exploiting a previously unknown vulnerability in a third-party application used by Insightin,” says the data breach notice on Insightin’s website.
“The investigation determined that certain files stored on a limited number of Insightin servers were accessed or copied by an unauthorized party between September 17, 2025, and September 23, 2025.”
Insightin is offering breach victims free credit monitoring service.
Who is Medusa?
Medusa first appeared in September 2019 and debuted its leak site in February 2023, where it publishes stolen data of organizations that don’t pay ransoms. Medusa both locks down computer systems and steals data, forcing infected organizations to pay a ransom to restore systems and to not publish stolen data. The gang operates a ransomware-as-a-service scheme in which customers pay to use Medusa’s malware and infrastructure to launch attacks and collect ransoms.
Medusa claimed responsibility for 154 ransomware attacks in 2025. Of those, 37 were confirmed by the targeted organizations, which in turn notified 1.9 million people.
This attack on Insightin Health is Medusa’s second-largest breach to date by number of records compromised. The largest hit SimonMed Imaging, which notified 1.3 million people of the ensuing breach.
Last month, Medusa took credit for a breach at medical billing company Resource Corporation of America.
Ransomware attacks on US healthcare
Comparitech researchers logged 30 confirmed ransomware attacks on US healthcare businesses that don’t provide direct care such as pharmaceutical companies, medical software and device makers, and medical billing companies. Those attacks compromised more than 6 million personal records in total.
This attack on Insightin Health was the third-largest such breach at a healthcare businesses. The two largest were:
- Episource notified 5.4 million people of a January 2025 data breach caused by ransomware
- Fieldtex Products notified 274,363 people of an August 2025 data breach claimed by Akira
Following a November 2025 data breach claimed by Everest, medical billing company Catalyst RCM notified nearly 140,000 people.
We’re tracking 32 attack claims made by ransomware gangs in 2026 to date, two of which have been confirmed.
Ransomware attacks on healthcare businesses can both lock down computer systems and steal data. These attacks often compromise data belonging to the business’ clients, such as patient data from hospitals and clinics. They can cripple critical systems and endanger the health, privacy, and security of patients. Targeted companies must pay a ransom or face extended downtime, data loss, and putting patients and staff at increased risk.
Companies like Insightin Health operating in the healthcare sector have become a key target for hackers because they handle a large amount of personal data and deal with several third-party clients.
About Insightin Health
Based in Baltimore, MD, is a healthcare marketing agency and software-as-a-service business.
