By Join The Case · Published November 21, 2025 · Updated November 21, 2025 · 7 min read

Dapeer Law, P.A., a top-rated class action law firm, is investigating the OncoHealth data breach. If you received notice that your information was exposed during this breach, you may be entitled to compensation. It's free to join our investigation to see if we can help you recover.

See Featured Articles

Were you hired to help train AI models?

Received a Parking Ticket Notice in the Mail from Parking Revenue Recovery Services?

The Washington Post Data Breach: SSNs Exposed

Late-Night and Early-Morning Unwanted Text Messages

Harvard University Data Breach Lawsuit Investigation

OncoHealth Data Breach Lawsuit Investigation

Q: How do I submit a claim related to the OncoHealth data breach?

No settlement has been announced. If you suffered fraud or financial losses, preserve all documentation and consult an attorney to review potential claims.

Q: Am I eligible to join a lawsuit against OncoHealth?

Eligibility depends on state law, your damages, and whether a class action is certified. Talking with a lawyer can clarify your rights.

Q: Did OncoHealth offer credit monitoring?

The official notice does not offer complimentary credit monitoring. It outlines security improvements and member guidance instead.

Q: How many people were affected by the OncoHealth breach?

OncoHealth’s filing with the Maine Attorney General did not disclose the total number of affected individuals.

On November 20, 2025, OncoHealth reported a phishing incident to the Maine Attorney General after discovering that certain Humana member information had been emailed to an impersonator’s Zendesk account. If you received a breach notice, you may have legal rights and time-sensitive steps to take—review the details below and act promptly to protect yourself.

Key Takeaways

Incident type: Phishing via a fraudulent Zendesk customer-service account.
Breach window: August 26 – September 5, 2025 (identified September 4).
Notice mailed: October 14, 2025; regulator filing: November 20, 2025.
Data exposed: Name, date of birth, Humana member ID, authorization number (no Social Security or financial data).
Current status: Fraudulent account disabled and additional security controls implemented.

What Happened?

OncoHealth, Inc (OncoHealth) partners with Humana to manage medical oncology prior authorizations. During an email distribution on August 26, 2025, an unauthorized Zendesk account was mistakenly copied, causing a file that contained protected health information (PHI) to be delivered to the impersonator as well as the intended Humana recipients. OncoHealth detected the issue on September 4, 2025 and deactivated the rogue account by September 5. No Social Security numbers or banking details were included in the affected file.

Detailed Timeline

August 26, 2025 – Fraudulent Zendesk account receives email with PHI.
September 4, 2025 – OncoHealth discovers the unauthorized exposure.
September 5, 2025 – Impersonator account disabled; incident contained.
October 14, 2025 – Consumer notification letters mailed.
November 20, 2025 – Breach filed with Maine Attorney General.

What Information Was Involved?

The following data elements were listed in the Maine regulator filing:

First and last name
Date of birth
Humana identification number
Authorization number

OncoHealth confirmed that Social Security numbers and financial account information were not part of the incident.

Actions Taken by OncoHealth

According to the notice, OncoHealth has:

Enhanced internal access controls.
Increased employee security-awareness initiatives.
Updated Zendesk system protections and training materials.

Steps You Can Take Now

OncoHealth states it has no evidence of misuse but recommends that affected members follow the additional guidance enclosed with the notification letter. Common precautions include monitoring explanation-of-benefit statements and safeguarding personal credentials.

Download the Official Notice

For full details, view the filing submitted to the Maine Attorney General:

Download Official Breach Notice (PDF)

Company Overview

Industry: Digital health
Founded: 2009
Headquarters: 7000 Central Parkway, Suite 1750, Atlanta, Georgia, United States
Website: oncohealth.us
LinkedIn: linkedin.com/company/oncohealth

Frequently Asked Questions

I received a data breach letter from OncoHealth — what should I do?

If you received the October 14, 2025 letter, read it carefully and follow the recommended precautions. Keep the notice with your records and monitor any health-plan statements for unfamiliar activity.

How do I submit a claim related to the OncoHealth data breach?

At this time, no class-action settlement has been announced. If you experienced fraud or out-of-pocket losses linked to the incident, preserve documentation and consult a qualified attorney to explore your options.

Am I eligible to join a lawsuit against OncoHealth?

Eligibility will depend on factors such as state law, the nature of your damages, and whether a class action is certified. Speaking with counsel can clarify your specific rights.

What information did the OncoHealth breach expose?

Names, dates of birth, Humana member IDs, and authorization numbers. Social Security numbers and financial data were not involved.

Did OncoHealth offer credit monitoring?

The notice does not mention complimentary credit-monitoring services. It highlights OncoHealth’s internal security improvements and provides guidance for members to protect themselves.

How many people were affected by the OncoHealth breach?

The regulatory filing did not list the total number of impacted individuals.

How can I get the official breach notice (PDF) for OncoHealth?

You can download the filing directly from the Maine Attorney General’s website using the button above.