MedImpact – Data Breach Investigation
In this age of technology, amidst a world of encroaching cybersecurity threats, your personal information is more vulnerable than ever. Cafferty Clobes Meriwether & Sprengel has the experience and expertise litigating data breach matters, providing compensation to victims of data breaches, and requiring businesses to enhance their data security practices to protect their consumers. If you think your information may have been compromised in a data breach, please call us at 312.782.4880 or reach us via email at sfifer@caffertyclobes.com.
MedImpact is a pharmacy benefit management company located in San Diego, California. MedImpact provides third-party administration for prescription drug programs, acting as an intermediary between health plans, employers, and pharmaceutical companies, whose primary functions include processing prescription claims, negotiating discounts and rebates with drug manufacturers, and developing drug formularies (lists of covered drugs). MedImpact provides pharmacy benefit management services to its client-pharmacies across the United States
On October 27, 2025, MedImpact experienced a data breach that may have exposed sensitive personal and health related information belonging to its client-pharmacies’ current and former employees. The notorious Russian cybercriminal gang Qilin claimed responsibility for the data breach and posted information on the Dark Web.
MedImpact has not disclosed that total number of individuals were affected by the breach. The compromised information may include names, Social Security numbers, driver’s license numbers, and protected health information such as diagnoses, medications, and other treatments.
The recent MedImpact data breach is a serious matter that could inflict far-reaching consequences for those affected. The exposure of personally identifiable information, especially names and Social Security numbers, poses a significant risk of identity theft, such as criminals opening financial accounts, taking out loans, filing fraudulent tax returns, and obtaining government services in the victim’s name. Personally identifiable information can also be exposed on the Dark Web, which poses a serious threat toward the privacy and safety of many individuals. According to a recent FTC survey, the total cost of identity theft is nearly $50 billion per year, with victims losing an average of nearly $5,000 from the misuse of their personal and financial information. The exposure of protected medical information can pose an even greater danger of identity theft—such as obtaining medical services in the victim’s name, which will be charged to the victim.
Current and former employees of MedImpact’s clients may face an increased risk of fraud and identity theft and are advised to closely monitor their financial accounts and personal information for any suspicious activity. You could be at risk of incurring additional out-of-pocket costs for purchasing credit monitoring services, credit freezes, credit reports, or other protective measures to deter and detect identity theft.
Cafferty Clobes Meriwether & Sprengel has the experience and expertise litigating data breach matters, providing compensation to victims of data breaches, and requiring businesses to enhance their data security practices to protect their consumers. If you suspect your sensitive personal and/or health related information may have been compromised in the MedImpact data breach, you must take action to protect both your personal and financial well-being. Please call us at 312.782.4880 or reach us via email at sfifer@caffertyclobes.com.
Contact Us
October 31, 2025Share on Social Media