Cigna Data Breach 2024: What Happened, Who’s Affected, and What To Do Now

Prospect Medical Holdings Breach Overview

Prospect Medical Holdings (PMH) suffered a ransomware attack that disrupted operations and exposed patient and employee data between July 31 and August 3, 2023. Stolen files reportedly contained protected health information (PHI) such as names, dates of birth, Social Security numbers, health insurance details, and clinical information. Notifications and class action activity continued into 2024, underscoring how hospital and vendor incidents can ripple across health plans and patients alike. ([oag.ca.gov](https://oag.ca.gov/ecrime/databreach/reports/sb24-574490?utm_source=openai))

While PMH’s event was not a breach of Cigna’s systems, patients treated at PMH facilities—regardless of their insurer—may have received data exposure notifications. The PMH incident provides context for how healthcare provider and vendor security lapses can indirectly affect health plan members through shared data flows and claims processing. ([oag.ca.gov](https://oag.ca.gov/ecrime/databreach/reports/sb24-574490?utm_source=openai))

Third-Party Vendor Breach Details

Cigna Healthcare disclosed that a third-party vendor supporting its Payment Integrity (claim overpayment and recovery) work experienced an unauthorized access incident spanning October 21, 2024, to January 13, 2025. According to a Cigna notification letter excerpted by DataBreaches.net, Cigna learned of the incident on January 15, 2025, but the vendor did not confirm Cigna data impact until September 3, 2025; impacted files were identified for individual members later that month. ([databreaches.net](https://databreaches.net/2025/12/10/should-entities-be-required-to-disclose-the-name-of-a-vendor-if-the-breach-was-at-the-vendors/?utm_source=openai))

The vendor has been identified publicly as Conduent Business Services. Conduent’s notice states an unauthorized third party accessed its environment during the same October 2024–January 2025 window and obtained files containing personal and health information; state investigations (including in Texas) later highlighted the breadth of impact. Conduent reported securing its systems, engaging forensic experts, and notifying law enforcement. ([conduent.com](https://www.conduent.com/incident-notice/data-incident-1/?utm_source=openai))

Impacted Individuals and Data Types

Based on Cigna’s notifications and local client advisories, affected individuals include certain Cigna plan members whose claims appeared in the vendor’s Payment Integrity overpayment/recovery files. Not all Cigna customers were impacted. Data elements varied by person but could include name, health care ID, dates of service, treatment cost, and claim numbers; in some cases, Social Security numbers were also involved. These categories meet the definition of protected health information. ([databreaches.net](https://databreaches.net/2025/12/10/should-entities-be-required-to-disclose-the-name-of-a-vendor-if-the-breach-was-at-the-vendors/?utm_source=openai))

Separate statewide and media reporting about the vendor’s broader incident indicates that the unauthorized access event affected millions of people across multiple clients and sectors, which helps explain why member identification and notification required extended data review. ([hipaajournal.com](https://www.hipaajournal.com/conduent-business-solutions-data-breach/?utm_source=openai))

Class Action Lawsuit Summary

At least one proposed class action was filed against Cigna in December 2025 in the District of Connecticut, alleging the insurer failed to adequately safeguard member data exposed via the vendor breach window (October 2024–January 2025). Plaintiffs claim heightened risks of identity theft and seek damages and remedial security measures. Case activity remains in early stages as of February 19, 2026. ([law360.com](https://www.law360.com/connecticut/articles/2423746/cigna-faces-class-claims-over-vendor-data-breach?utm_source=openai))

Multiple class actions separately target Conduent, and regulators have opened investigations. For example, the Texas Attorney General issued civil investigative demands to Conduent in February 2026, citing access to Texans’ PHI during the October 21, 2024–January 13, 2025 period. Industry reporting notes victim counts exceeding initial estimates, reflecting large-scale vendor exposure. Under HIPAA, covered entities and business associates must provide breach notifications within specific timelines, and delays can raise regulatory compliance reporting issues. ([texasattorneygeneral.gov](https://www.texasattorneygeneral.gov/es/node/279731?utm_source=openai))

Recommended Protective Actions

If you received a data exposure notification, take these steps now to reduce risk and strengthen identity theft prevention:

• Enroll in any complimentary credit monitoring or identity protection offered in your letter and activate alerts across your credit files.
• Place a temporary fraud alert or a full credit freeze with the major credit bureaus; consider freezes for specialty bureaus (e.g., for telecom/utilities) to block new-account fraud.
• Review recent and future Explanation of Benefits (EOBs) and medical bills for unfamiliar services; report discrepancies to your provider and Cigna.
• Rotate passwords for your health plan, provider portals, and email; enable multi-factor authentication everywhere it’s offered.
• If your Social Security number was involved, monitor your tax transcripts and consider requesting an IRS Identity Protection PIN before the next filing season.
• Keep copies of all letters and expenses (postage, time, professional help) in case of reimbursement through class action litigation or insurer/vendor support programs.

Member notices tied to this incident have included instructions for credit monitoring enrollment and dedicated support lines; follow the directions in your individualized letter. ([bedfordcsd.zendesk.com](https://bedfordcsd.zendesk.com/hc/en-us/articles/42148378890516-Cigna-Healthcare-Privacy-Incident?utm_source=openai))

Timeline of Events

• July 31–August 3, 2023: Prospect Medical Holdings ransomware incident disrupts hospital operations and exposes PHI; notifications follow into 2024. ([oag.ca.gov](https://oag.ca.gov/ecrime/databreach/reports/sb24-574490?utm_source=openai))
• October 21, 2024–January 13, 2025: Unauthorized third party accesses the vendor’s environment handling Cigna Payment Integrity files. ([conduent.com](https://www.conduent.com/incident-notice/data-incident-1/?utm_source=openai))
• January 15, 2025: Cigna is notified of the vendor’s unauthorized access incident. ([databreaches.net](https://databreaches.net/2025/12/10/should-entities-be-required-to-disclose-the-name-of-a-vendor-if-the-breach-was-at-the-vendors/?utm_source=openai))
• September 3, 2025: Vendor confirms Cigna data was impacted; September 23–29, 2025: affected Cigna members are identified for notification. ([databreaches.net](https://databreaches.net/2025/12/10/should-entities-be-required-to-disclose-the-name-of-a-vendor-if-the-breach-was-at-the-vendors/?utm_source=openai))
• October 2025: Public reporting and state submissions indicate the vendor incident affected millions across multiple clients; notifications expand. ([hipaajournal.com](https://www.hipaajournal.com/conduent-business-solutions-data-breach/?utm_source=openai))
• December 18, 2025: Proposed class action filed against Cigna over the vendor breach window. ([law360.com](https://www.law360.com/connecticut/articles/2423746/cigna-faces-class-claims-over-vendor-data-breach?utm_source=openai))
• February 12, 2026: Texas Attorney General announces investigation into Conduent over the 2024–2025 unauthorized access incident. ([texasattorneygeneral.gov](https://www.texasattorneygeneral.gov/es/node/279731?utm_source=openai))

Official Communications and Resources

Rely on official communications addressed to you: Cigna’s mailed notices, secure portal messages, and EOBs. Your individualized letter will include enrollment details for any complimentary identity protection and a dedicated support number. You can also contact Cigna using the number on your member ID card to verify a letter’s authenticity and review recent claims.

Vendors implicated in healthcare data incidents often publish public notices and establish call centers; Conduent reported securing systems, engaging forensic experts, and notifying law enforcement following the 2024–2025 unauthorized access incident. Cigna maintains legal and privacy information pages outlining how it protects health care data and handles privacy inquiries. ([conduent.com](https://www.conduent.com/incident-notice/data-incident-1/?utm_source=openai))

FAQs

What personal data was compromised in the Cigna 2024 breach?

For affected members, exposed data could include name, health care ID, dates of service, treatment cost, and claim numbers; in some cases, Social Security numbers were also involved. The impacted files were associated with Payment Integrity overpayment/recovery activities handled by a third-party vendor. Not every data element was present for every person. ([databreaches.net](https://databreaches.net/2025/12/10/should-entities-be-required-to-disclose-the-name-of-a-vendor-if-the-breach-was-at-the-vendors/?utm_source=openai))

How can affected individuals monitor for identity theft?

Activate any free credit monitoring offered in your notification, then place fraud alerts or credit freezes with the major bureaus. Review EOBs and provider bills for unfamiliar charges, enable multi-factor authentication on health portals and email, and consider requesting an IRS IP PIN if your SSN was exposed. Keep records of time and expenses related to mitigation for potential reimbursement through litigation or support programs.

What legal actions are underway regarding the data breach?

As of February 19, 2026, at least one proposed class action targets Cigna over the vendor breach window, while numerous suits and regulatory inquiries focus on the vendor itself. The Texas Attorney General has opened an investigation, and industry reporting indicates the total population impacted across clients continues to be refined. ([law360.com](https://www.law360.com/connecticut/articles/2423746/cigna-faces-class-claims-over-vendor-data-breach?utm_source=openai))

What steps is Cigna taking to prevent future breaches?

Cigna reports investigating the incident with its vendor, supporting law enforcement involvement, notifying affected members, and offering identity protection where appropriate. The vendor states it secured systems and engaged forensic experts. Expect ongoing vendor risk reviews, enhanced healthcare vendor security controls, and continued regulatory compliance reporting as investigations proceed. ([databreaches.net](https://databreaches.net/2025/12/10/should-entities-be-required-to-disclose-the-name-of-a-vendor-if-the-breach-was-at-the-vendors/?utm_source=openai))