Active breach tracker Mt. Laurel Township, New Jersey Disclosed November 26, 2025

Persante Health Care Data Breach 2025 (INC Ransom): 111,815 Sleep-Study Patients Exposed. Kroll Credit Monitoring Offered. What To Do

Persante Health Care, a New Jersey-based sleep and balance center management business associate, reported 111,815 individuals affected by an INC Ransom intrusion in January 2025. Notification letters went out November 26, 2025. Kroll identity monitoring (24 months) is offered. Here is what to do.

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

Jan 23, 2025

Unauthorized access to Persante's network begins (per forensic investigation).

Jan 28, 2025

Persante detects unusual network activity, engages third-party cybersecurity experts, and notifies the FBI; access window confirmed to have closed the same day.

Oct 3, 2025

Data review concludes; Persante confirms personal and protected health information was involved and identifies INC Ransom as the threat actor.

Nov 26, 2025

Persante posts substitute notice on persante.com, issues PR Newswire press release, begins mailing individual notification letters, and files with AGs in at least 14 states.

Nov 26, 2025

Persante reports the breach to HHS OCR — 111,815 affected, Hacking/IT Incident at Network Server, Business Associate.

Data exposed

01

High-risk identity

Enables financial + identity theft

Date of birth Social Security number Driver's license number Passport number Biometric identifier

02

Health records

Don't expire and can't be reissued

Medical condition, treatment, and diagnosis information Medical record number

03

Contact & insurance

Phishing + targeted scams

Name State identification number Other government-issued identification number Individual Taxpayer Identification Number (ITIN) Date(s) of medical service Physician or medical facility information Medicare or Medicaid number Individual health insurance policy number Financial account number Payment card number Patient account number Medical device identifier

Class actions filed by

These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.

Strauss Borrelli PLLC (investigating) Federman & Sherwood (investigating) Levi & Korsinsky (investigating) Barnow and Associates (investigating) Shamis & Gentile P.A. (investigating)
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

Persante Health Care is a Mount Laurel Township, New Jersey-based national provider of home sleep testing and sleep/balance center management services to hospitals and physician practices, which makes it a HIPAA business associate to many of the providers whose patients it serves. On November 26, 2025, Persante reported a Hacking/IT Incident at a Network Server to the HHS Office for Civil Rights, affecting 111,815 individuals, and began mailing notification letters the same day. The intrusion itself occurred almost ten months earlier, between January 23 and January 28, 2025, and has been attributed by trade press and aggregators to INC Ransom, a ransomware-as-a-service group that has been among the top three most active ransomware operations targeting healthcare organizations in North America.

Persante simultaneously filed notifications with attorneys general in at least 14 states, including California, Iowa, Maine, Massachusetts, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, South Carolina, Texas, Vermont, and Washington. The Massachusetts AG disclosure notes 39 Massachusetts residents were affected; the New Hampshire AG filing notes at least nine New Hampshire residents were impacted.

Timeline

  • January 23 – 28, 2025 — Unauthorized access to Persante’s network (intrusion window confirmed by forensic investigation).
  • January 28, 2025 — Persante detects unusual network activity, engages third-party cybersecurity experts, and notifies the FBI.
  • October 3, 2025 — File review concludes; Persante confirms that personal and protected health information was involved.
  • November 26, 2025 — Persante publishes its notice of data security incident on persante.com, begins mailing individual notification letters, and files with state attorneys general (the New Hampshire DOJ filing is dated the same day).
  • November 26, 2025 — Persante files with HHS OCR: 111,815 affected, Hacking/IT Incident at Network Server, Business Associate.

What was exposed

Per Persante’s substitute notice and the New Hampshire AG notification, the specific elements involved varied by individual; the categories that may have been exposed include:

  • Name, date of birth, Social Security number.
  • Driver’s license number, state identification number, passport number, other government-issued ID, Individual Taxpayer Identification Number (ITIN).
  • Date(s) of medical service, physician or medical facility information, medical condition, treatment, and diagnosis information.
  • Medicare or Medicaid number, individual health insurance policy number.
  • Financial account number, payment card number.
  • Patient account number, medical record number, medical device identifier(s), biometric identifier(s).

Your individual notification letter is the authoritative list of which of these elements were exposed for you.

Who’s notifying you (BA)

Persante is a business associate. Most affected people are patients of a hospital or physician practice that contracted with Persante for home sleep testing or sleep/balance center management — they likely have never heard of Persante directly. Practically, that means:

  • Your notification letter may arrive on Persante Health Care letterhead even if your sleep study was scheduled through your own doctor or hospital.
  • The provider that ordered your sleep study may or may not send its own separate communication.
  • Persante is offering 24 months of complimentary identity monitoring services through Kroll, a global risk-mitigation firm. The package includes single-bureau credit monitoring, fraud consultation, and identity theft restoration services. Enrollment instructions and your membership number are inside the notification letter mailed November 26, 2025. To activate, visit the Kroll enrollment portal at the URL specified in your letter or contact info.krollmonitoring.com. The activation deadline is stated in your individual letter; do not let it lapse, given the breadth of data involved.

Class-action posture

No filed class action has been publicly docketed as of this update. Multiple plaintiff firms — including Strauss Borrelli PLLC, Federman & Sherwood, Levi & Korsinsky, Barnow and Associates, and Shamis & Gentile P.A. — have announced investigations into potential claims against Persante for failing to safeguard personal and protected health information and for the roughly ten-month gap between intrusion (January 2025) and individual notification (November 2025). Expect proposed class complaints to be filed in federal court in New Jersey if and when they materialize; this page will be updated when a case is docketed.

What to do

  1. Read the letter carefully. It will identify which data elements were exposed for you specifically, supply your Kroll membership number, and state the enrollment deadline.
  2. Enroll in Kroll’s 24-month identity monitoring before the deadline stated in your letter. The package includes credit monitoring, fraud consultation, and identity theft restoration. Given that SSN, driver’s license, passport, and ITIN are all in scope, this is the higher-value remediation step.
  3. Freeze your credit with Equifax, Experian, and TransUnion. It is free, takes about ten minutes per bureau, and is the most effective single step against new-account fraud. Credit monitoring tells you after the fact; a freeze blocks new accounts upstream.
  4. File for an IRS Identity Protection PIN. SSN and ITIN exposure together are the exact combination used to file fraudulent tax returns. An IP PIN from the IRS blocks that vector for each filing season.
  5. Watch for medical-identity misuse. Because diagnosis, treatment, Medicare/Medicaid, and health-insurance data were involved, scrutinize Explanation of Benefits statements and request a one-time medical-records audit from your providers if anything looks unfamiliar.
  6. Verify all communications. Phishing referencing “Persante” and “sleep study data breach” is predictable now that the breach is public. Confirm any enrollment link through the printed letter or persante.com’s notice page, not through email or SMS links.
  7. Stop the ongoing flow of your sleep-study and diagnostic data. HealthConsent files HIPAA restriction requests so the medical condition, treatment, and diagnosis information exposed in this breach is not continuously re-shared across the networks of hospitals, insurers, and health information exchanges that Persante served as a business associate.

Sources

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.