Skip to main content
Computer

Genex Services Data Breach Investigation | Class Action Lawsuits

Written by Joseph Lyon on . Posted in Data Breach.

The data breach lawyers at The Lyon Firm are investigating a recently reported data security incident at Genex Services that may have impacted the personal data of thousands of individuals. Contact our legal team to learn more about the next steps you can take and to discuss legal action. We have filed numerous class action data breach lawsuits and we represent clients in all fifty states.

What Happened at Genex?

Genex Services, LLC, the Pennsylvania-based managed care and insurance company discovered a data breach on February 25, 2025, following suspicious activity noted on January 22. The incident supposedly compromised the sensitive personal identifiable information (PII) and protected health information (PHI) of over 4,300 individuals. The company started mailing data breach notifications on July 9, 2025, to all affected individuals.

The breach first caught notice when Genex Services detected unauthorized access to portions of its network. A subsequent investigation revealed that a cybercriminal had infiltrated the system, potentially exposing critical personal data such as names, Social Security numbers, insurance details, and medical records tied to workers’ compensation and disability claims. The delay between the initial activity and discovery—over a month—has fueled questions about the company’s cybersecurity measures. While Genex has stated there’s no evidence of misuse, the compromise of data alone poses a significant risk of identity theft and fraud.

Genex Services serves a wide network of insurance companies, employers, and third-party administrators across the country, specializing in managed healthcare and workers’ compensation. The breach impacted clients and patients whose data was entrusted to the company, including those involved in claims processing.

This incident underscores a serious vulnerability in data security throughout the healthcare and insurance sectors. The lack of immediate detection suggests potential weaknesses in cybersecurity infrastructure. This follows in the wake of years of cyberattacks targeting personal and health data. Exposed PII and PHI can lead to identity theft, medical fraud, or unauthorized access to financial accounts. The long delay before notification—nearly five months—may have allowed malicious actors to act, amplifying the breach’s impact.

If you receive a notification from Genex regarding this incident, act quickly and call us to start processing your claim. For those considering legal recourse, call our lawyers for a free and confidential consultation.