Resource Corporation of America 2025 Data Breach

Resource Corporation of America Healthcare Eligibility Services Breach (2025): 809K Records Including SSN Exposed via Medusa Ransomware | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

MedusaRansomware / ExtortionFinancialBpoEmail AddressFull NamePhone NumberSocial Security Number
High SeverityWebsite / service breach

Resource Corporation of America Healthcare Eligibility Services Breach (2025): 809K Records Including SSN Exposed via Medusa Ransomware

Healthcare eligibility and revenue-cycle services provider (business process outsourcing).

Verified by ObscureIQ Intelligence
75/100Breach Risk Index
25Data Value
60Market Recency
141dSince Breach

Breach Intelligence Summary

Entity: Resource Corporation of America · Actor: Medusa · Sources: 2 references
Attack: Ransomware / Extortion
Profile: Company · Business process outsourcing and receivables management · Financial services provider · USA
Timeline: Breach (2025-12-09) · Year (2025)
Exposure: 809K records · 4 fields: Email Address, Full Name, Phone Number, Social Security Number
Status: Confirmed

Executive Summary

Resource Corporation of America detected suspicious activity on December 17, 2025 and determined an unauthorized actor accessed its systems and copied files between December 9 and 17, 2025. The Medusa ransomware group claimed the attack, posting on January 4, 2026 that it had obtained internal data and would release it within about 15-16 days. RCA's notice stated the potentially affected data could include names, addresses, dates of birth, Social Security numbers, health insurance details, and medical diagnosis/treatment information, though it was still reviewing files and reported no confirmed misuse. Confirmed circulating identifiers center on names, Social Security numbers, and contact data; the health-related categories remain RCA-reported and not independently confirmed in circulation. Approximately 809,233 individuals are recorded (per DataBreach.com).

ObscureIQ assessment: High risk of fraud, coercive scams, and financial impersonation. Exposure can help attackers pose as debt collectors, exploit financial stress, or target people around outstanding obligations.

Breach Impact

As a healthcare BPO, RCA holds identity and health-eligibility data for large numbers of individuals across its client base, so exposure of names, Social Security numbers, and contact details creates broad identity-theft and fraud risk, amplified by the third-party nature of the breach (affected individuals are its clients' patients). RCA's notice indicated dates of birth, health insurance, and medical diagnosis/treatment information could also be involved, which would materially increase medical-fraud and extortion risk.

About Resource Corporation of America

Resource Corporation of America (RCA) is a U.S. business-process outsourcing firm providing third-party eligibility, enrollment, and revenue-cycle services to healthcare organizations. Operating on behalf of provider and payer clients, it handles patient and applicant administrative records, contact details, and financial and benefits-eligibility information as part of its eligibility and collections workflows.

Why They Hold Your Data

Receivables management and BPO firms collect debtor, client, and contact records, often including names, addresses, phone numbers, account references, and financial obligation data tied to collections workflows.

Recent Developments

RCA disclosed the incident in early 2026 after detecting suspicious activity in December 2025. The Medusa ransomware group claimed responsibility, posting on its Tor site on January 4, 2026 and threatening to release the data. Multiple class-action firms have opened investigations.

Data Points Exposed

4 verified field types
Email Address
Full Name High
Phone Number
Social Security Number Critical

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Identity theft and synthetic identity construction using SSN
  • Targeted phishing and vishing using name, email, and phone
  • Debt-collection and eligibility-themed impersonation scams
  • SIM swap attacks where phone numbers are present
  • Potential medical-fraud and extortion if reported health data is in the dump
Threat vectors:
  • Full identity theft & synthetic identity fraud
  • Name-based social engineering
  • Debt-collection & eligibility impersonation
  • Phishing, credential stuffing & account takeover
  • SIM swapping, vishing & SMS phishing
  • Medical extortion & insurance fraud (if PHI circulating)

Threat Actor: Medusa

Medusa
Ransomware / Extortion

Attribution and method are based on available breach intelligence. Reported attack vector: Ransomware / Extortion.

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.

Frequently Asked Questions

What happened in the Resource Corporation of America breach?

Resource Corporation of America detected suspicious activity on December 17, 2025 and determined an unauthorized actor accessed its systems and copied files between December 9 and 17, 2025. The Medusa ransomware group claimed the attack, posting on January 4, 2026 that it had obtained internal data…

What data was exposed?

Verified fields include Email Address, Full Name, Phone Number, Social Security Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation