VITAS Healthcare reports data breach through compromised vendor account
Learn More
VITAS Healthcare, a hospice provider is reporting a data breach affecting current and former patients after an unauthorized party gained access to network systems through a compromised vendor account.
The breach was discovered on October 24, 2025. The investigation confirmed that the attack occurred between September 21 and October 27, 2025, when hackers exploited a third-party vendor's account credentials to access VITAS's systems. The attackers accessed and potentially downloaded sensitive information belonging to patients and their families. The exposed data includes:
- Names
- Email addresses
- Physical addresses
- Dates of birth
- Phone numbers
- Social Security numbers
- Driver's license numbers
- Passport IDs
- Bank account numbers
- Debit card numbers
- Financial account details
- Medical IDs
- Medical record numbers
- Medicare Beneficiary Identifier ID numbers
- Next of kin details
- Medical and treatment information
- Insurance data
- Health savings account information
- International Classification of Disease (ICD) codes
- National Provider Identifier numbers
The number of affected individuals has not been disclosed.
VITAS is providing affected individuals with complimentary credit monitoring and identity protection services for 24 months. The services include credit monitoring, dark web monitoring, identity restoration assistance, and up to $1 million in identity theft insurance.
Notification letters are being mailed to affected individuals with instructions on how to enroll in the protective services. Patients who have questions about the incident can contact the dedicated call center at 855-403-1586, Monday through Friday, from 9 a.m. to 9 p.m., Eastern time, excluding U.S. holidays.
Update - as of 8th of December 2025, Vitas reported that more than 300,000 individuals are affected by a the incident.
