Veradigm 2025 Data Breach

Veradigm Health IT Platform Breach (2025): 2.3 Million Patient Records Including Medical Diagnoses & SSN | ObscureIQ
ObscureIQ Breach Intelligence

Classification Tags

MedicalAccount BalanceEmail AddressFull NameMedical DiagnosisPhone NumberPhysical AddressSocial Security Number
Low SeverityWebsite / service breach

Veradigm Health IT Platform Breach (2025): 2.3 Million Patient Records Including Medical Diagnoses & SSN

Healthcare technology company providing software, data, and analytics solutions.

Verified by ObscureIQ Intelligence
0/100Breach Risk Index
63Data Value

Breach Intelligence Summary

Entity: Veradigm · Actor: Unknown · Sources: 2 references
Attack: Unknown
Profile: Company · Healthcare technology and data solutions · Health IT platform · USA
Timeline: Breach (2025-07-01) · Year (2025)
Exposure: 2.3M records · 7 fields: Account Balance, Email Address, Full Name, Medical Diagnosis, Phone Number, Physical Address, Social Security Number
Status: Reported

Executive Summary

Veradigm, a healthcare technology company that processes clinical and administrative data on behalf of physician practices and health systems, discovered unauthorized access to its systems on July 1, 2025. The breach affected more than 84,000 individuals, including patients whose records were held within Veradigm's platform. The attack vector has not been publicly disclosed. Veradigm was formerly known as Allscripts Healthcare Solutions and rebranded in 2023; many affected patients would not have recognized the company's name or known their data was held there. The exposed data included names, Social Security numbers, driver's license numbers, dates of birth, home addresses, phone numbers, email addresses, medical diagnoses, medications, test results, health insurance details, account balances, and payment information. This combination is particularly dangerous. Social Security numbers enable identity theft and fraudulent credit applications. Medical diagnoses and insurance details can be used to submit false insurance claims or obtain prescription drugs under a victim's identity. Account balance data adds a direct financial dimension to the exposure. Veradigm notified affected individuals on September 22, 2025, and reported implementing additional technical safeguards. A consolidated class-action lawsuit, Goodrum et al. v. Veradigm, Inc., reached a $10.5 million settlement. Eligible individuals could claim up to $5,000 for documented out-of-pocket losses, a $50 flat cash payment, or two years of medical data monitoring. The claim deadline was March 16, 2026. Affected individuals should monitor their credit reports, review their health insurance statements for unfamiliar claims, and consider placing a fraud alert or credit freeze with the major credit bureaus.

ObscureIQ assessment: Severe risk because the platform sits inside clinical data flows at scale. Exposure can enable medical fraud, prescription abuse, identity theft, and provider impersonation.

Breach Impact

Veradigm discovered unauthorized access to its systems on July 1, 2025, with the investigation confirming exposure of sensitive data for more than 84,000 individuals. Exposed information included names, Social Security numbers, driver's license numbers, dates of birth, contact details, diagnoses, medications, test results, health insurance information, and payment details. Veradigm notified affected individuals on September 22, 2025, and implemented additional technical safeguards. A consolidated class-action lawsuit — Goodrum et al. v. Veradigm, Inc. — reached a $10.5 million settlement. Class members were offered up to $5,000 for documented losses, a $50 alternate cash payment, and two years of medical data monitoring services. The claim deadline ran to March 16, 2026.

About Veradigm

Veradigm is a healthcare technology company providing electronic health record software, data analytics, and life sciences research services to physician practices, health systems, and pharmaceutical organizations. The company was formerly known as Allscripts Healthcare Solutions before rebranding to Veradigm in 2023 to reflect its focus on data and analytics. It serves thousands of healthcare provider organizations and holds large volumes of patient clinical and administrative data.

Why They Hold Your Data

Health IT platforms collect provider, patient, prescribing, claims, billing, and workflow data across electronic records, analytics, and healthcare software systems.

Recent Developments

Veradigm completed its rebranding from Allscripts in 2023 and has continued repositioning itself as a health data and analytics business. The company has faced financial pressure and strategic restructuring. The 2025 breach and associated $10.5 million settlement were the most significant legal and reputational events of the recent period.

Data Points Exposed

7 verified field types
Account Balance High
Email Address
Full Name High
Medical Diagnosis Critical
Phone Number
Physical Address High
Social Security Number Critical

Field names are shown in full for clarity and search visibility. Canonical machine keys are emitted only in this page’s structured data.

Exploitation & Downstream Threats

Threat Activity:Critical
Primary downstream threats:
  • Identity theft and synthetic identity construction using government-issued IDs
  • SIM swap attacks where phone numbers are present
  • Targeted phishing campaigns using exposed email addresses
  • Doxxing risk from physical address exposure
  • Medical identity fraud or insurance abuse using health data
Threat vectors:
  • High-value targeting
  • Phishing, credential stuffing & account takeover
  • Name-based social engineering
  • Medical extortion, insurance fraud & discrimination
  • SIM swapping, vishing & SMS phishing
  • Physical stalking, mail fraud & identity verification
  • Home targeting, stalking & physical threat
  • Full identity theft & synthetic identity fraud

Recommended Actions

If you believe your information may be included:

Protect Your ID Documents
Government-ID exposure enables document fraud — monitor and report misuse.
IdentityTheft.gov
Enable MFA Everywhere
Turn on multi-factor authentication on email first, then financial accounts.
Find 2FA settings
Report & Recover
If you spot misuse, start an official recovery plan and report fraud.
IdentityTheft.govReport to FTC

Frequently Asked Questions

What happened in the Veradigm breach?

Veradigm, a healthcare technology company that processes clinical and administrative data on behalf of physician practices and health systems, discovered unauthorized access to its systems on July 1, 2025. The breach affected more than 84,000 individuals, including patients whose records were held…

What data was exposed?

Verified fields include Account Balance, Email Address, Full Name, Medical Diagnosis, Phone Number, Physical Address, Social Security Number.

What should I do if I was affected?

Change reused passwords, enable MFA, and (if identity or financial data is involved) freeze your credit and monitor your accounts.

Sources & References

Every claim on this page is traceable. This breach draws on:

Breach Index
DataBreach.com
Record & field corroboration
ObscureIQ Intelligence
ObscureIQ proprietary analysis
Risk Index scoring & downstream-threat assessment

Protect Yourself

Check If You're Affected

Enter your email to check whether your data appears in this breach. We’ll send a 6-digit code to confirm it’s your address.

Get Free Breach Alerts

Be the first to know when new breaches are disclosed. Free forever — confirm your email with a 6-digit code.

High-Risk? Get an Exposure Audit

Executives, public figures, and high-visibility operators can receive tailored exposure intelligence and hardening guidance.

Request Consultation