Decisely Insurance Data Breach Exposes 537,603 Patient Records
A major healthcare data breach has struck Decisely Insurance Services, LLC, a Georgia-based business associate, exposing the protected health information (PHI) of 537,603 individuals. The cybersecurity incident, reported to the Department of Health and Human Services on June 13, 2025, represents one of the larger healthcare data breaches of the year and highlights ongoing vulnerabilities in healthcare IT infrastructure.
What Happened
Decisely Insurance Services, LLC experienced a significant hacking incident that compromised their network servers and other systems. The breach was classified as a "Hacking/IT Incident" and affected network servers along with other unspecified locations within their IT infrastructure.
While the Department of Health and Human Services' breach report provides limited details about the specific nature of the attack, the scale of the incident – affecting over half a million individuals – suggests a comprehensive compromise of the company's data systems. The breach was discovered and reported in June 2025, though the exact timeline of when the incident occurred and how long unauthorized access may have persisted remains unclear.
As a business associate under HIPAA regulations, Decisely Insurance Services handles PHI on behalf of covered entities, making this breach particularly concerning for the healthcare organizations and patients who trusted their services.
Who Is Affected
This breach impacts 537,603 individuals whose protected health information was stored on Decisely Insurance Services' compromised systems. The affected individuals likely include:
- Current and former insurance plan members
- Healthcare patients whose information was processed through Decisely's services
- Beneficiaries of insurance plans managed by the company
- Family members covered under affected insurance policies
Given Decisely's role as an insurance services provider, the exposed information potentially spans multiple healthcare organizations and insurance plans that contracted with the company for administrative services.
Breach Details
The breach originated in Decisely's network infrastructure, specifically network servers and other system components. The "Hacking/IT Incident" classification suggests that cybercriminals gained unauthorized access to the company's IT environment, potentially through attack vectors such as:
- Phishing emails targeting employees
- Exploitation of software vulnerabilities
- Weak or compromised credentials
- Ransomware deployment
- Advanced persistent threat (APT) attacks
The involvement of both network servers and "other" locations indicates the breach may have been extensive, potentially affecting multiple systems within Decisely's IT infrastructure. This type of comprehensive compromise often occurs when attackers gain initial access and then move laterally through an organization's network.
Without additional details from the breach notification, it's unclear what specific types of PHI were accessed, though insurance-related breaches typically involve sensitive information including names, dates of birth, Social Security numbers, insurance policy numbers, medical diagnoses, and treatment information.
What This Means for Patients
If you believe your information may have been affected by this breach, you could face several potential risks:
Identity Theft: Exposed personal information like Social Security numbers can be used to open fraudulent accounts or file false tax returns.
Medical Identity Theft: Criminals may use your health information to obtain medical services, prescription drugs, or file fraudulent insurance claims.
Insurance Fraud: Your insurance information could be used to obtain unauthorized medical care or prescription medications.
Financial Impact: Fraudulent charges on insurance accounts or medical bills for services you didn't receive.
Privacy Concerns: Your sensitive health information may be exposed or sold on dark web marketplaces.
Affected individuals should receive breach notification letters from Decisely Insurance Services within 60 days of the breach discovery, as required by HIPAA regulations. These letters should provide more specific details about what information was compromised and what steps the company is taking to address the incident.
How to Protect Yourself
If you suspect your information was involved in this breach, take these immediate steps:
Monitor Your Accounts: Regularly check your insurance statements, medical bills, and explanation of benefits for unauthorized charges or services you didn't receive.
Review Credit Reports: Obtain free credit reports from all three major credit bureaus and look for suspicious activity or new accounts you didn't open.
Consider Credit Monitoring: Enroll in credit monitoring services to receive alerts about changes to your credit profile.
Place Fraud Alerts: Contact one of the major credit bureaus to place a fraud alert on your credit file, making it harder for identity thieves to open accounts in your name.
Monitor Healthcare Records: Request copies of your medical records from healthcare providers to ensure accuracy and watch for signs of medical identity theft.
Report Suspicious Activity: If you notice any fraudulent charges or unauthorized account activity, report it immediately to your insurance company, healthcare providers, and relevant authorities.
Stay Vigilant: Be cautious of phishing emails or phone calls requesting personal information, as breached data is often used for targeted scams.
Prevention Lessons for Healthcare Providers
The Decisely Insurance breach offers important lessons for healthcare organizations and their business associates:
Robust Cybersecurity Measures: Implement comprehensive cybersecurity programs including firewalls, intrusion detection systems, and regular security updates.
Employee Training: Provide ongoing cybersecurity awareness training to help staff identify and avoid phishing attempts and other social engineering attacks.
Access Controls: Implement strong authentication measures and limit access to PHI based on job responsibilities and the principle of least privilege.
Regular Security Assessments: Conduct periodic vulnerability assessments and penetration testing to identify and address security weaknesses.
Business Associate Management: Thoroughly vet business associates and ensure they have appropriate safeguards in place to protect PHI.
Incident Response Planning: Develop and regularly test incident response plans to enable quick detection and containment of security breaches.
Data Encryption: Encrypt PHI both in transit and at rest to minimize the impact of unauthorized access.
Network Segmentation: Isolate critical systems and limit lateral movement opportunities for attackers who gain initial network access.
The Decisely Insurance Services breach serves as another reminder that healthcare organizations and their business associates remain attractive targets for cybercriminals. As the healthcare industry continues to digitize and rely on third-party services, maintaining strong cybersecurity practices and HIPAA compliance becomes increasingly critical.