Forward Health – National Databank for Rheumatic Diseases Data Breach Lawsuit Investigation
File Your Claim Now

Dapeer Law, P.A., a top-rated class action law firm, is investigating the Forward Health – National Databank for Rheumatic Diseases data breach. If you received notice that your information was exposed during this breach, you may be entitled to compensation. It's free to join our investigation to see if we can help you recover.

Forward Health Data Breach Lawsuit Investigation

Download Official Breach Notice (PDF)

Did you receive a letter from Forward Health about a cyber-attack? Hackers may now have your Social Security number, detailed medical records, and more. Learn how to secure your identity and find out if you can pursue compensation.

What Happened in the Forward Health Data Breach?

On March 21, 2025, Forward Health—officially known as Forward, The National Databank for Rheumatic Diseases—detected suspicious activity inside its network. A forensic investigation later confirmed that unauthorized actors accessed the system between March 17 and March 22, 2025, potentially viewing or exfiltrating confidential research-participant files.

The breach was first disclosed publicly on June 19, 2025, and Forward began mailing notification letters on July 22, 2025. Regulatory filings show at least 38 residents in Maine were affected, with additional notices filed in Massachusetts and other states.

What Information Was Exposed?

The compromised folders contained an unusually broad mix of personally identifiable information (PII) and protected health information (PHI). Forward Health has confirmed that one or more of the following data elements may have been involved:

  • Full names & contact details
  • Social Security numbers
  • Dates of birth & addresses
  • Government-issued identification numbers
  • Medical history, diagnoses & treatment information
  • Disability and prescription details
  • Names of treating or referring physicians
  • Medical record numbers
  • Financial or payment information

Because both SSNs and detailed medical records were exposed, victims face heightened risks of traditional identity theft and medical fraud.

How Forward Health Responded

Immediately after discovering the intrusion, Forward isolated affected systems and hired third-party cybersecurity experts to investigate. The organization reports that it has:

  • Secured and monitored its network infrastructure
  • Updated internal security policies and procedures
  • Notified federal and state regulators
  • Offered 24 months of complimentary credit and identity-theft monitoring through Cyberscout (a TransUnion company)

An incident call center has been set up for questions at 1-833-380-7005.

Steps You Should Take Right Now

If you received Forward’s breach notice—or suspect you were involved—consider these immediate protective measures:

  • Enroll in Cyberscout’s free 24-month credit monitoring and fraud-resolution services.
  • Review your bank, credit-card, and medical-benefit statements for unfamiliar charges.
  • Obtain free annual credit reports at AnnualCreditReport.com and look for errors.
  • Place a fraud alert (good for 1 year) or a credit freeze (until lifted) with each major credit bureau.
  • Report suspected identity theft to the FTC and local law enforcement.

Your Legal Options: Data Breach Lawsuit Investigation

Under U.S. privacy and consumer-protection laws, organizations that fail to safeguard sensitive data may be liable for resulting damages. Attorneys are currently evaluating claims that Forward Health did not adequately protect participant information or provide timely breach notification.

Potential compensation in data breach cases can include:

  • Reimbursement for out-of-pocket expenses (credit-monitoring, identity-theft services, etc.)
  • Repayment of fraudulent charges
  • Time spent remedying identity theft or fraud
  • Enhanced credit-monitoring beyond the 24 months already offered
  • Statutory or punitive damages where allowed by state law

If you were notified by Forward Health, you may qualify to join a class action lawsuit. Keep copies of your breach notice, police/FTC reports, and any records of fraudulent activity—these documents can strengthen your claim.

Frequently Asked Questions

How did Forward Health discover the data breach?

Forward detected suspicious network activity on March 21, 2025, and immediately launched a forensic investigation, which confirmed unauthorized access between March 17-22.

Has Forward Health confirmed how many people are affected?

The organization has not released a nationwide count. Regulatory filings confirm at least 38 Maine residents, indicating the total number is likely much higher.

Is the free credit monitoring from Forward Health enough protection?

While helpful, credit monitoring alone cannot stop identity theft. Experts recommend combining it with a credit freeze, regular statement reviews, and prompt action on any suspicious activity.

Can I still join the Forward Health data breach lawsuit if I lost my notice letter?

Yes. Attorneys can often verify eligibility through other documentation or by confirming your participation in Forward’s research programs. Contact a qualified data-breach lawyer for guidance.

Speak With a Data-Breach Attorney

Attorney Advertising. Prior results do not guarantee a similar outcome.

File Your Claim Now