Conifer Value-Based Care Data Breach: SSNs Exposed
By Join The Case · Published December 18, 2025 · Updated December 18, 2025 · 8 min read
File Your Claim Now

Dapeer Law, P.A., a top-rated class action law firm, is investigating the Conifer Value-Based Care data breach. If you received notice that your information was exposed during this breach, you may be entitled to compensation. It's free to join our investigation to see if we can help you recover.

See Featured Articles
Petco Data Breach Affects Subscriber Privacy Petco Data Breach Affects Subscriber Privacy Were you hired to help train AI models? Were you hired to help train AI models? Received a Parking Ticket Notice in the Mail from Parking Revenue Recovery Services? Received a Parking Ticket Notice in the Mail from Parking Revenue Recovery Services? The Washington Post Data Breach: SSNs Exposed The Washington Post Data Breach: SSNs Exposed Late-Night and Early-Morning Unwanted Text Messages Late-Night and Early-Morning Unwanted Text Messages

Conifer Value-Based Care Data Breach Lawsuit Investigation

Notice mailed December 18, 2025: Healthcare administrator Conifer Value-Based Care alerted patients that an unauthorized party accessed one employee’s Microsoft Office 365 email account in late August 2025. If you received a letter, secure your information and explore your legal rights by requesting a free, confidential case review today.

What Happened?

Conifer Value-Based Care, LLC (Conifer Value-Based Care) determined that an unauthorized third party accessed a company-managed Microsoft Office 365 business email account on and . The account is separate from Conifer’s internal network and systems, which, according to the company, were not affected.

Conifer learned of the intrusion on August 28 and immediately contained the threat, launched an investigation, and began a detailed review to identify impacted individuals and their healthcare providers or health plans. That review concluded on , and Conifer notified providers and health plans on . Address verification for potentially affected individuals finished on , with individual notification letters mailed beginning .

What Information Was Involved?

The review found that one or more of the following personal data elements may have been present in the compromised mailbox. Conifer’s notice stresses that not every element applied to every person and that none of the items below were involved:

  • Social Security numbers
  • Driver’s license or state identification numbers
  • Credit or debit card information
  • Financial account information
  • Account passwords

Some information may relate to guarantors—individuals who agree to pay medical bills on behalf of a patient.

How Conifer Responded

According to the notice, Conifer:

  • Promptly contained the unauthorized access and remediated the affected email account.
  • Engaged in an investigation to determine the scope of the incident.
  • Continues to enhance security controls and monitoring practices to reduce the likelihood of similar events.

Recommended Actions for Patients

While Conifer reports no evidence of misuse, the company urges patients to:

  • Carefully review healthcare provider and insurance statements for unfamiliar activity.
  • Report any questionable charges directly to the relevant provider or insurer.
  • Consult the reference guide enclosed with the mailed notice for additional protective measures.
Download Official Breach Notice (PDF)

Timeline of Key Events

  • August 28–29, 2025: Unauthorized access to employee email account.
  • August 28, 2025: Incident discovered; containment actions initiated.
  • November 10, 2025: Review of potentially affected data concluded.
  • November 14, 2025: Providers and health plans notified.
  • December 5, 2025: Address verification completed.
  • December 18, 2025: Consumer notification letters mailed and breach reported to California Attorney General.

Company Overview

Conifer Value-Based Care is part of Conifer Health Solutions, a healthcare services provider that helps hospitals, healthcare systems, physician groups, and health plans manage value-based care initiatives.

Frequently Asked Questions

I received a data breach letter from Conifer Value-Based Care — what should I do?

Review the letter and the enclosed reference guide, monitor healthcare and insurance statements for unauthorized activity, and promptly report any discrepancies to your provider or insurer.

How do I submit a claim related to the Conifer Value-Based Care data breach?

If you experienced financial or identity-related harm linked to this incident, preserve all documentation and consider consulting with a qualified data-privacy attorney about potential legal remedies.

Am I eligible to join a lawsuit against Conifer Value-Based Care?

Eligibility depends on factors such as whether your personal information was compromised and whether you suffered losses. An attorney can evaluate your circumstances at no cost.

What information did the Conifer Value-Based Care breach expose?

The compromised email account contained patient information; however, Social Security numbers, driver’s license numbers, payment card data, financial account numbers, and passwords were not involved.

Did Conifer Value-Based Care offer credit monitoring?

The notice does not mention complimentary credit-monitoring services. Instead, it provides a reference guide outlining steps patients can independently take to protect their information.

How many people were affected by the Conifer Value-Based Care breach?

Conifer did not disclose the exact number of impacted individuals in the publicly available notice filed with the California Attorney General.

How can I get the official breach notice (PDF) for Conifer Value-Based Care?

You can download the California filing directly using the button above or via the state attorney general’s website.

Attorney Advertising. Prior results do not guarantee a similar outcome.

File Your Claim Now