Precipio Data Breach 2026 (INC RANSOM): 501+ Hematopathology Patients Exposed. 150 GB Leaked. Texas AG Filing Contradicts Initial 'No SSN' Statement. What To Do
Precipio, Inc. (NASDAQ: PRPO), a New Haven, Connecticut publicly-traded hematopathology company specializing in blood cancer diagnostics, was attacked by INC RANSOM in November 2025. 150 GB exfiltrated. Initial December disclosure claimed no SSN exposure; April 2026 Texas AG filing reveals 4,952 TX residents had SSNs, driver's licenses, and financial accounts in scope. Here is what to do.
You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.
Timeline
Nov 23, 2025
Unauthorized access to employee's cloud-based storage account; files copied
Nov 25, 2025
Precipio discovers the access
Dec 2, 2025
INC RANSOM posts Precipio on dark-web leak site claiming 150 GB exfiltrated
Dec 4, 2025
Precipio issues initial public statement ('isolated storage, no operational impact')
Jan 23, 2026
HHS OCR filing (501 interim); public notice posted
Apr 24, 2026
Individual notice letters mailed; website notice updated
Apr 28, 2026
Texas AG filing reveals 4,952 TX residents with broader PHI scope (SSN + DL + financial)
Nov 23, 2025
Unauthorized access to employee's cloud-based storage account; files copied
Nov 25, 2025
Precipio discovers the access
Dec 2, 2025
INC RANSOM posts Precipio on dark-web leak site claiming 150 GB exfiltrated
Dec 4, 2025
Precipio issues initial public statement ('isolated storage, no operational impact')
Jan 23, 2026
HHS OCR filing (501 interim); public notice posted
Apr 24, 2026
Individual notice letters mailed; website notice updated
Apr 28, 2026
Texas AG filing reveals 4,952 TX residents with broader PHI scope (SSN + DL + financial)
Data exposed
01
High-risk identity
Enables financial + identity theft
02
Health records
Don't expire and can't be reissued
03
Contact & insurance
Phishing + targeted scams
Class actions filed by
These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.
Your action plan, in five steps.
You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.
01
Accept credit monitoring
It’s the floor of the response. Take it.
02
Freeze your credit
Free at Equifax, Experian, TransUnion.
03
File IRS Form 14039
Prevent fraudulent tax return under your SSN.
04
Review your EOBs
Insurance statements catch medical identity theft early.
05
Stop the ongoing flow
Credit monitoring doesn’t cover your health records. HealthConsent does.
What happened
Precipio, Inc. (NASDAQ: PRPO) is a publicly-traded healthcare biotech headquartered in New Haven, Connecticut, specializing in hematopathology — diagnostic testing for blood cancers (leukemia, lymphoma, myeloma). The company’s mission is reducing cancer misdiagnosis. Patient samples and reports often carry highly sensitive cancer diagnostic information.
Between November 23 and 25, 2025, an unauthorized actor accessed an employee’s cloud-based storage account and copied files. Precipio discovered the access on November 25, 2025. On December 2, 2025, the INC RANSOM ransomware group posted Precipio on its dark-web leak site, claiming 150 GB of exfiltrated data.
On December 4, 2025, Precipio issued an initial public statement framing the incident as “isolated storage, no operational impact” and explicitly stating that “no patient SSNs, addresses, or financial information” were involved.
Precipio filed with HHS OCR on January 23, 2026 (501 interim count). Individual notification letters were mailed approximately April 24, 2026. On April 28, 2026, the Texas AG filing disclosed 4,952 Texas residents affected — and crucially, the Texas AG disclosure added Social Security numbers, driver’s license numbers, government IDs, and financial account information to the exposed-data list.
The disclosure evolution
Precipio’s December 4 statement said no SSNs or financial data were exposed. The April 28 Texas AG filing said the opposite. This evolving disclosure is itself a focal point for class action plaintiffs, and is a useful pattern to know for any healthcare breach: initial entity statements often understate scope; state AG filings (which require itemized disclosure under SB 446 / similar laws) often reveal the full picture months later.
The 501 figure on the HHS OCR portal is a placeholder; the Texas-only count of 4,952 indicates the actual nationwide number is materially higher.
INC RANSOM (also known as “Inc Ransom” / “Inc.”) is a double-extortion group active against healthcare since 2023. Massachusetts AG reports 227 MA residents; New Hampshire AG filing also confirmed.
What was stolen
Per individual notice letters and HIPAA Journal:
- Full name, home address, date of birth
- Medical record number
- Clinical / treatment information
- Procedure information, provider name
- Prescription information
- Health insurance information
Per Texas AG filing (additional categories):
- Social Security number
- Driver’s license number, government ID
- Financial account information
Given oncology context, exposed clinical data likely includes blood cancer diagnoses, pathology results, and treatment plans.
What Precipio is offering
Public sources do not confirm a credit monitoring program as part of Precipio’s response. The company initially framed the incident as non-material; no IDX or Experian enrollment is mentioned in HIPAA Journal coverage or the entity’s December 4 notice. Read your specific notification letter carefully — given the SSN + DL + financial exposure now confirmed, you should expect monitoring to be offered.
Initial corporate contact: [email protected] / +1-203-787-7888 ext. 523. Paubox cites a dedicated inquiry line: 917-664-7071 (Monday to Friday, 9 a.m. to 5 p.m. Eastern).
What to do
- Read your specific notification letter to confirm the data elements involved in your case — the disclosure has evolved, so older statements may not reflect your exposure.
- Place free credit freezes at Equifax, Experian, TransUnion. Full SSN, DL, and financial accounts are now confirmed in scope (per Texas AG filing).
- File IRS Form 14039.
- Cancel and reissue payment methods tied to financial accounts in scope.
- If your blood cancer diagnosis was in scope, recognize the employment and life insurance underwriting implications.
- Stop the ongoing flow of your hematopathology and oncology records. HealthConsent files HIPAA restriction requests so the cancer diagnostic, pathology, and treatment data exposed in this breach is not continuously re-shared.
Continue reading
Credit monitoring covers your wallet. HealthConsent covers your health records.
Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.
Protect my health dataCancel anytime · Family plan covers spouses + dependents
Sources & further reading
- Precipio: Notice of Unauthorized Access to Isolated Storage
- HIPAA Journal: Precipio Confirms Breach
- Hartford Business Journal: New Haven Biotech Precipio Data Breach
- ClassAction.org: Precipio January 2026 Case Page
- Federman & Sherwood: Precipio Investigation
- Strauss Borrelli: Precipio Investigation
- HHS OCR Breach Portal
Official HHS OCR Breach Portal: ocrportal.hhs.gov
About this page
This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.