Skip to main content
Female doctor looks over a tablet with her patient

Included Health Data Breach Investigation

Written by Joseph Lyon on . Posted in Data Breach.

The data breach lawyers at The Lyon Firm are investigating a data security incident reported at Included Health. If you believe your personal data may have been compromised in the Included Health data breach or any other data theft incident it is important to know the increased risks of fraud and medical identity theft. Contact our data privacy attorneys to learn more about ongoing litigation and about how to protect yourself following a data security event or if you have received a data breach notification letter. 

What Happened at Included Health?

The San Francisco, California healthcare company reported a security breach to the Attorney General of Massachusetts on February 13, 2025, after allegedly discovering that an unauthorized party accessed private data, ostensibly on either their own company servers or on the systems of a third-party vendor. The notice says that the breach may have resulted in the unauthorized party accessing consumers’ sensitive information, possibly including names and medical record information. The company has begun sending out data breach notification letters to all individuals whose personal information may be impacted.

More details on the IT security incident should be available in the coming weeks. In the mean time, anyone affected should take measures to minimize the risk of fraud by keeping a close eye on all accounts linked to Included. Included Health is a healthcare technology company that provides virtual care, navigation services, and personalized healthcare support for employers and health plans.

The company website notes the following on their security page: “Our goal is to maintain the trust of our members, clients, employees and other stakeholders by keeping their data safe and secure. We accomplish this by ensuring our Included Health systems and processes, as well as those of our business partners, are meeting critical industry standards related to confidentiality, integrity and availability of information.”

We believe any entity that collects and stores your personal data has a duty to protect it with robust IT security. If a company is negligent and data is stolen from their servers, they can potentially be accountable for any related damages. The Lyon Firm has filed numerous data breach lawsuits on behalf of plaintiffs in California and nationwide.