Healthcare Interactive (HCIactive)
Data Breach Class Action Lawsuit

Posted: December 5, 2025 -- Attention, victims of the Healthcare Interactive (HCIactive) data breach.

Abington Cole + Ellery is investigating the data breach recently announced by Healthcare Interactive (HCIactive).

Healthcare Interactive (HCIactive) Data Breach Summary:

Approximately 87,000 individuals were affected by the Healthcare Interactive (HCIactive) data breach, and breached data may include, but is not necessarily limited to: name; date of birth; email address; phone number; mailing address; Social Security number; blood results and/or biometric data; health insurance enrollment data (such as health plans/policies, insurance companies, and member/group ID numbers); medical data (such as medical record numbers, doctors, diagnoses, care, prescription information, and treatment); and health insurance claims data (such as claim numbers, account numbers, explanation of benefits, and billing codes).

If you are a victim of the Healthcare Interactive (HCIactive) data breach, and interested in potentially volunteering to serve as a class representative in a class action lawsuit against Healthcare Interactive (HCIactive), please submit your information here to be considered:

An attorney-client relationship is not formed by submitting information through this website.

Healthcare Interactive (HCIactive) Data Breach Details:

In June 2025, HCIactive, a Maryland-based provider of health and insurance management software, detected unauthorized access to its network following suspicious activity identified on or about July 22, 2025. An investigation reportedly revealed that an unauthorized external party copied sensitive files containing personal and health-related data from on or about July 8 to on or about July 12, 2025, affecting approximately 87,000 individuals, though the precise number of data breach notifications varied based on confirmed data exposure.

The breach apparently stemmed from a security vulnerability exploited by an unauthorized external party; in response, HCIactive purportedly isolated affected systems, enhanced security protocols, notified relevant regulators. HCIactive is offering affected parties 12 months of complimentary credit monitoring through a TransUnion affiliate, alongside guidance on obtaining free credit reports and placing fraud alerts or freezes with major bureaus.

Additional information about the Healthcare Interactive (HCIactive) data breach may be found here: Healthcare Interactive (HCIactive) Data Breach Notification, and here: Healthcare Interactive (HCIactive) Notice of Data Privacy Event. The Healthcare Interactive (HCIactive) Website may also have additional information about or provide periodic updates regarding the data breach.

About Healthcare Interactive (HCIactive):

HCIactive, Inc. is a software company founded in 2006 and headquartered at 6011 University Blvd, Suite 360, Ellicott City, Maryland, 21043. It operates in the insurance technology sector, providing middleware platforms for group and individual policy management, including enrollment, quoting, and compliance processes. Its primary product is the Healthspace Cloud platform, which integrates AI for insurance administration, alongside tools such as SmartBenefits.ai for benefits navigation, QUOTE.ai for risk assessment, ENROLL.ai for enrollment, and ENGAGE.ai for care coordination. Additional offerings include customizable portals for members, providers, HR teams, and agencies, as well as wellness and compliance modules like QEE for incentive management.

In 2025, the company acquired PopSpring Wellness and announced advancements in AI for security, privacy, and compliance in insurance systems. HCIactive serves insurers, third-party administrators, brokers, agencies, employers, and healthcare providers, supporting standards like FHIR for Medicare Advantage interoperability.

For more information about steps you can take to possibly reduce the chances harm arising from a data breach, please review the following article: What are some steps you can take if you've been the victim of a data breach?

If you believe you are a victim of the Healthcare Interactive data breach, and if you would like to volunteer to serve as a class representative in a class action lawsuit regarding this data breach, please submit your information via the form on this webpage. This website is not associated with nor authorized by Healthcare Interactive or any affiliated companies. If you have received any other data breach notifications, you may to review Abington Cole + Ellery's current list of data breach investigations.