Persante Health Care Data Breach 2025 (INC Ransom): 111,815 Sleep-Study Patients Exposed. Kroll Credit Monitoring Offered. What To Do
Persante Health Care, a New Jersey-based sleep and balance center management business associate, reported 111,815 individuals affected by an INC Ransom intrusion in January 2025. Notification letters went out November 26, 2025. Kroll identity monitoring (24 months) is offered. Here is what to do.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Jan 23, 2025
Unauthorized access to Persante's network begins (per forensic investigation).
Jan 28, 2025
Persante detects unusual network activity, engages third-party cybersecurity experts, and notifies the FBI; access window confirmed to have closed the same day.
Oct 3, 2025
Data review concludes; Persante confirms personal and protected health information was involved and identifies INC Ransom as the threat actor.
Nov 26, 2025
Persante posts substitute notice on persante.com, issues PR Newswire press release, begins mailing individual notification letters, and files with AGs in at least 14 states.
Nov 26, 2025
Persante reports the breach to HHS OCR — 111,815 affected, Hacking/IT Incident at Network Server, Business Associate.
Jan 23, 2025
Unauthorized access to Persante's network begins (per forensic investigation).
Jan 28, 2025
Persante detects unusual network activity, engages third-party cybersecurity experts, and notifies the FBI; access window confirmed to have closed the same day.
Oct 3, 2025
Data review concludes; Persante confirms personal and protected health information was involved and identifies INC Ransom as the threat actor.
Nov 26, 2025
Persante posts substitute notice on persante.com, issues PR Newswire press release, begins mailing individual notification letters, and files with AGs in at least 14 states.
Nov 26, 2025
Persante reports the breach to HHS OCR — 111,815 affected, Hacking/IT Incident at Network Server, Business Associate.
Data exposed
01
High-risk identity
Enables financial + identity theft
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Class actions filed by
These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
Persante Health Care is a Mount Laurel Township, New Jersey-based national provider of home sleep testing and sleep/balance center management services to hospitals and physician practices, which makes it a HIPAA business associate to many of the providers whose patients it serves. On November 26, 2025, Persante reported a Hacking/IT Incident at a Network Server to the HHS Office for Civil Rights, affecting 111,815 individuals, and began mailing notification letters the same day. The intrusion itself occurred almost ten months earlier, between January 23 and January 28, 2025, and has been attributed by trade press and aggregators to INC Ransom, a ransomware-as-a-service group that has been among the top three most active ransomware operations targeting healthcare organizations in North America.
Persante simultaneously filed notifications with attorneys general in at least 14 states, including California, Iowa, Maine, Massachusetts, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, South Carolina, Texas, Vermont, and Washington. The Massachusetts AG disclosure notes 39 Massachusetts residents were affected; the New Hampshire AG filing notes at least nine New Hampshire residents were impacted.
Timeline
- January 23 – 28, 2025 — Unauthorized access to Persante’s network (intrusion window confirmed by forensic investigation).
- January 28, 2025 — Persante detects unusual network activity, engages third-party cybersecurity experts, and notifies the FBI.
- October 3, 2025 — File review concludes; Persante confirms that personal and protected health information was involved.
- November 26, 2025 — Persante publishes its notice of data security incident on persante.com, begins mailing individual notification letters, and files with state attorneys general (the New Hampshire DOJ filing is dated the same day).
- November 26, 2025 — Persante files with HHS OCR: 111,815 affected, Hacking/IT Incident at Network Server, Business Associate.
What was exposed
Per Persante’s substitute notice and the New Hampshire AG notification, the specific elements involved varied by individual; the categories that may have been exposed include:
- Name, date of birth, Social Security number.
- Driver’s license number, state identification number, passport number, other government-issued ID, Individual Taxpayer Identification Number (ITIN).
- Date(s) of medical service, physician or medical facility information, medical condition, treatment, and diagnosis information.
- Medicare or Medicaid number, individual health insurance policy number.
- Financial account number, payment card number.
- Patient account number, medical record number, medical device identifier(s), biometric identifier(s).
Your individual notification letter is the authoritative list of which of these elements were exposed for you.
Who’s notifying you (BA)
Persante is a business associate. Most affected people are patients of a hospital or physician practice that contracted with Persante for home sleep testing or sleep/balance center management — they likely have never heard of Persante directly. Practically, that means:
- Your notification letter may arrive on Persante Health Care letterhead even if your sleep study was scheduled through your own doctor or hospital.
- The provider that ordered your sleep study may or may not send its own separate communication.
- Persante is offering 24 months of complimentary identity monitoring services through Kroll, a global risk-mitigation firm. The package includes single-bureau credit monitoring, fraud consultation, and identity theft restoration services. Enrollment instructions and your membership number are inside the notification letter mailed November 26, 2025. To activate, visit the Kroll enrollment portal at the URL specified in your letter or contact
info.krollmonitoring.com. The activation deadline is stated in your individual letter; do not let it lapse, given the breadth of data involved.
Class-action posture
No filed class action has been publicly docketed as of this update. Multiple plaintiff firms — including Strauss Borrelli PLLC, Federman & Sherwood, Levi & Korsinsky, Barnow and Associates, and Shamis & Gentile P.A. — have announced investigations into potential claims against Persante for failing to safeguard personal and protected health information and for the roughly ten-month gap between intrusion (January 2025) and individual notification (November 2025). Expect proposed class complaints to be filed in federal court in New Jersey if and when they materialize; this page will be updated when a case is docketed.
What to do
- Read the letter carefully. It will identify which data elements were exposed for you specifically, supply your Kroll membership number, and state the enrollment deadline.
- Enroll in Kroll’s 24-month identity monitoring before the deadline stated in your letter. The package includes credit monitoring, fraud consultation, and identity theft restoration. Given that SSN, driver’s license, passport, and ITIN are all in scope, this is the higher-value remediation step.
- Freeze your credit with Equifax, Experian, and TransUnion. It is free, takes about ten minutes per bureau, and is the most effective single step against new-account fraud. Credit monitoring tells you after the fact; a freeze blocks new accounts upstream.
- File for an IRS Identity Protection PIN. SSN and ITIN exposure together are the exact combination used to file fraudulent tax returns. An IP PIN from the IRS blocks that vector for each filing season.
- Watch for medical-identity misuse. Because diagnosis, treatment, Medicare/Medicaid, and health-insurance data were involved, scrutinize Explanation of Benefits statements and request a one-time medical-records audit from your providers if anything looks unfamiliar.
- Verify all communications. Phishing referencing “Persante” and “sleep study data breach” is predictable now that the breach is public. Confirm any enrollment link through the printed letter or persante.com’s notice page, not through email or SMS links.
- Stop the ongoing flow of your sleep-study and diagnostic data. HealthConsent files HIPAA restriction requests so the medical condition, treatment, and diagnosis information exposed in this breach is not continuously re-shared across the networks of hospitals, insurers, and health information exchanges that Persante served as a business associate.
Sources
- Persante Health Care — Notice of Data Security Incident — entity’s own substitute notice.
- HHS Office for Civil Rights Breach Portal — federal regulatory record: 111,815 affected, Hacking/IT Incident at Network Server, Business Associate, filed November 26, 2025.
- PR Newswire — Persante Health Care Notifies Individuals of Data Security Incident (Nov 26, 2025) — Persante’s official press release confirming the notification date and Kroll identity protection offer.
- HIPAA Journal — Patient Data Compromised in Cyberattacks on Sleep Specialists — trade-press confirmation of intrusion window (Jan 23–28, 2025), detection (Jan 28, 2025), data-review completion (Oct 3, 2025), notification date, FBI involvement, and INC Ransom attribution.
- ClassAction.org — Persante Health Care Data Breach — independent confirmation of population size, data categories, and INC Ransom attribution.
- ClassAction.org — Persante Health Care Notification Letter (PDF) — full text of notification letter confirming Kroll as credit monitoring vendor, 24-month duration, and service details.
- New Hampshire Department of Justice — Persante Health Care Notification (Nov 26, 2025) — state attorney general filing confirming at least 9 NH residents affected.
- Massachusetts Attorney General — Data Breach Notification Letters November 2025 (case 2025-2008) — MA AG filing confirming 39 Massachusetts residents affected.
- Strauss Borrelli PLLC — Persante Health Care Data Breach Investigation — plaintiff-firm investigation announcement confirming dates, data categories, and ongoing class-action investigation posture.
- Federman & Sherwood — Persante Health Care Data Breach Investigation (Dec 22, 2025) — second plaintiff-firm investigation confirming HHS OCR filing details and class-action posture.
- ClaimDepot — Persante Health Care Data Breach — aggregator tracking 14 state AG filings and INC Ransom attribution.
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- Persante Health Care — Notice of Data Security Incident
- HHS Office for Civil Rights Breach Portal
- PR Newswire — Persante Health Care Notifies Individuals of Data Security Incident (Nov 26, 2025)
- HIPAA Journal — Patient Data Compromised in Cyberattacks on Sleep Specialists
- ClassAction.org — Persante Health Care Data Breach Exposes Medical, Personal Information
- ClassAction.org — Persante Health Care Notification Letter (PDF)
- New Hampshire Department of Justice — Persante Health Care Notification (Nov 26, 2025)
- Massachusetts Attorney General — Data Breach Notification Letters November 2025 (case 2025-2008)
- Strauss Borrelli PLLC — Persante Health Care Data Breach Investigation
- Federman & Sherwood — Persante Health Care Data Breach Investigation (Dec 22, 2025)
- ClaimDepot — Persante Health Care Data Breach (state AG filing tracker)
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.