Active breach tracker New Haven, CT Disclosed January 23, 2026

Precipio Data Breach 2026 (INC RANSOM): 501+ Hematopathology Patients Exposed. 150 GB Leaked. Texas AG Filing Contradicts Initial 'No SSN' Statement. What To Do

Precipio, Inc. (NASDAQ: PRPO), a New Haven, Connecticut publicly-traded hematopathology company specializing in blood cancer diagnostics, was attacked by INC RANSOM in November 2025. 150 GB exfiltrated. Initial December disclosure claimed no SSN exposure; April 2026 Texas AG filing reveals 4,952 TX residents had SSNs, driver's licenses, and financial accounts in scope. Here is what to do.

You have options. Scroll for the exact action steps, what your provider’s response covers, and what your health data needs beyond credit monitoring.

By HealthConsent Editorial Last updated Sources & methodology

Timeline

Nov 23, 2025

Unauthorized access to employee's cloud-based storage account; files copied

Nov 25, 2025

Precipio discovers the access

Dec 2, 2025

INC RANSOM posts Precipio on dark-web leak site claiming 150 GB exfiltrated

Dec 4, 2025

Precipio issues initial public statement ('isolated storage, no operational impact')

Jan 23, 2026

HHS OCR filing (501 interim); public notice posted

Apr 24, 2026

Individual notice letters mailed; website notice updated

Apr 28, 2026

Texas AG filing reveals 4,952 TX residents with broader PHI scope (SSN + DL + financial)

Data exposed

01

High-risk identity

Enables financial + identity theft

Date of birth Social Security number (per Texas AG filing — contradicting initial Dec 4 statement) Driver's license number (per Texas AG filing) Government ID (per Texas AG filing)

02

Health records

Don't expire and can't be reissued

Medical record number Clinical / treatment information Prescription information Blood cancer diagnoses, pathology results, and treatment plans (per oncology context)

03

Contact & insurance

Phishing + targeted scams

Full name Home address Procedure information Provider name Health insurance information Financial account information (per Texas AG filing)

Class actions filed by

These firms have publicly announced investigations. You may be eligible to join. We are not a law firm and cannot give legal advice.

Federman & Sherwood (publicly investigating) Migliaccio & Rathod LLP (publicly investigating; announced 4/27/26) Strauss Borrelli PLLC (publicly investigating; announced 2/11/26)
If you received a letter

Your action plan, in five steps.

You have more rights than the notification letter explains. Each step below is a concrete thing you can do today. Full detail and timing in the sections that follow.

01

Accept credit monitoring

It’s the floor of the response. Take it.

02

Freeze your credit

Free at Equifax, Experian, TransUnion.

03

File IRS Form 14039

Prevent fraudulent tax return under your SSN.

04

Review your EOBs

Insurance statements catch medical identity theft early.

05

Stop the ongoing flow

Credit monitoring doesn’t cover your health records. HealthConsent does.

Jump to step 5: protect my health data

What happened

Precipio, Inc. (NASDAQ: PRPO) is a publicly-traded healthcare biotech headquartered in New Haven, Connecticut, specializing in hematopathology — diagnostic testing for blood cancers (leukemia, lymphoma, myeloma). The company’s mission is reducing cancer misdiagnosis. Patient samples and reports often carry highly sensitive cancer diagnostic information.

Between November 23 and 25, 2025, an unauthorized actor accessed an employee’s cloud-based storage account and copied files. Precipio discovered the access on November 25, 2025. On December 2, 2025, the INC RANSOM ransomware group posted Precipio on its dark-web leak site, claiming 150 GB of exfiltrated data.

On December 4, 2025, Precipio issued an initial public statement framing the incident as “isolated storage, no operational impact” and explicitly stating that “no patient SSNs, addresses, or financial information” were involved.

Precipio filed with HHS OCR on January 23, 2026 (501 interim count). Individual notification letters were mailed approximately April 24, 2026. On April 28, 2026, the Texas AG filing disclosed 4,952 Texas residents affected — and crucially, the Texas AG disclosure added Social Security numbers, driver’s license numbers, government IDs, and financial account information to the exposed-data list.

The disclosure evolution

Precipio’s December 4 statement said no SSNs or financial data were exposed. The April 28 Texas AG filing said the opposite. This evolving disclosure is itself a focal point for class action plaintiffs, and is a useful pattern to know for any healthcare breach: initial entity statements often understate scope; state AG filings (which require itemized disclosure under SB 446 / similar laws) often reveal the full picture months later.

The 501 figure on the HHS OCR portal is a placeholder; the Texas-only count of 4,952 indicates the actual nationwide number is materially higher.

INC RANSOM (also known as “Inc Ransom” / “Inc.”) is a double-extortion group active against healthcare since 2023. Massachusetts AG reports 227 MA residents; New Hampshire AG filing also confirmed.

What was stolen

Per individual notice letters and HIPAA Journal:

  • Full name, home address, date of birth
  • Medical record number
  • Clinical / treatment information
  • Procedure information, provider name
  • Prescription information
  • Health insurance information

Per Texas AG filing (additional categories):

  • Social Security number
  • Driver’s license number, government ID
  • Financial account information

Given oncology context, exposed clinical data likely includes blood cancer diagnoses, pathology results, and treatment plans.

What Precipio is offering

Public sources do not confirm a credit monitoring program as part of Precipio’s response. The company initially framed the incident as non-material; no IDX or Experian enrollment is mentioned in HIPAA Journal coverage or the entity’s December 4 notice. Read your specific notification letter carefully — given the SSN + DL + financial exposure now confirmed, you should expect monitoring to be offered.

Initial corporate contact: [email protected] / +1-203-787-7888 ext. 523. Paubox cites a dedicated inquiry line: 917-664-7071 (Monday to Friday, 9 a.m. to 5 p.m. Eastern).

What to do

  1. Read your specific notification letter to confirm the data elements involved in your case — the disclosure has evolved, so older statements may not reflect your exposure.
  2. Place free credit freezes at Equifax, Experian, TransUnion. Full SSN, DL, and financial accounts are now confirmed in scope (per Texas AG filing).
  3. File IRS Form 14039.
  4. Cancel and reissue payment methods tied to financial accounts in scope.
  5. If your blood cancer diagnosis was in scope, recognize the employment and life insurance underwriting implications.
  6. Stop the ongoing flow of your hematopathology and oncology records. HealthConsent files HIPAA restriction requests so the cancer diagnostic, pathology, and treatment data exposed in this breach is not continuously re-shared.

Continue reading

Stop your data from spreading further

Credit monitoring covers your wallet. HealthConsent covers your health records.

Your stolen diagnoses, test results, and medical record numbers don’t expire when the free credit-monitoring window ends. HealthConsent automates HIPAA restriction requests and opt-outs across providers, insurers, HIEs, and prescription networks so the data taken in this breach can’t keep being shared and sold by other entities downstream.

Protect my health data

Cancel anytime · Family plan covers spouses + dependents

About this page

This page is compiled from public regulatory filings, the breached entity’s own disclosures, and reporting from established healthcare-privacy outlets. Some sections are assembled with the help of automated research and may contain errors, summaries that lag the underlying source, or details that have since been revised. Treat it as a starting point, not legal advice or an authoritative record. If you spot something inaccurate, the linked sources above are the canonical record. For questions about your individual situation, contact the breached entity directly or consult a licensed attorney.